CVE-2020-12695

CVE-2020-12695 PUBLISHED

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

EPSS 3.98% · 88.6th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | libupnp | 1:1.6.19+git20160116-1, *, 0 |
| Ubuntu:16.04:LTS | minidlna | 1.1.4+dfsg-4build1, 1.1.5+dfsg-2, 1.1.5+dfsg-1 |
| Ubuntu:18.04:LTS | wpa | 2:2.6-15ubuntu2.6, *, 2:2.6-15ubuntu2.3 |
| Ubuntu:18.04:LTS | pupnp-1.8 | 1:1.8.2-3, 1:1.8.2-2, 0 |
| Ubuntu:16.04:LTS | wpa | 2.4-0ubuntu6.5, 0, 2.4-0ubuntu3 |
| Ubuntu:18.04:LTS | gupnp | 0, 1.0.1-1, 1.0.2-1 |
| Ubuntu:Pro:14.04:LTS | wpa | 2.1-0ubuntu1.3, 2.1-0ubuntu1.5, 2.1-0ubuntu1.6 |
| Ubuntu:20.04:LTS | minidlna | *, 0 |
| Ubuntu:18.04:LTS | libupnp | 1:1.6.22-1, 1:1.6.24-2, 1:1.6.24-3 |
| Ubuntu:16.04:LTS | gupnp | 0, 0.20.15-1, 0.20.16-1 |
| Ubuntu:18.04:LTS | minidlna | 1.2.0+dfsg-2, 1.2.1+dfsg-1, 0 |
| Ubuntu:20.04:LTS | gupnp | 1.2.1-2, 1.2.1-1, 0 |
| Ubuntu:20.04:LTS | wpa | 2:2.9-1ubuntu4.1, 2:2.9-1ubuntu4, 2:2.9-1ubuntu2 |
| Ubuntu:20.04:LTS | pupnp-1.8 | 0, * |
| Ubuntu:22.04:LTS | pupnp-1.8 | 0, 1:1.8.4-2ubuntu2 |

Timeline

  • Jun 8, 2020 CVE Published
  • Jun 9, 2020 PoC Published
  • Jun 9, 2020 PoC Published
  • Jun 9, 2020 PoC Published
  • Jun 10, 2020 PoC Published
  • Jun 15, 2020 PoC Published
  • Aug 21, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 1, 2022 EPSS Score