CVE-2020-12695Incorrect Default Permissions in Hostapd

CWE-276Incorrect Default PermissionsCWE-918Server-Side Request Forgery19 documents10 sources
Severity
7.5HIGHNVD
EPSS
3.0%
top 13.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
GupnpW1.fi HostapdCanonical Ubuntu Linux+3 more
Timeline
PublishedJun 8
Latest updateMay 24

Description

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages3 packages

Debiangupnp/gupnp< 1.2.3-1+3
NVDw1.fi/hostapd< 2.0.0
NVDmicrosoft/xbox_one10.0.19041.2494

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, Ubuntu Linux 20.04

🔴Vulnerability Details

6
GHSA
GHSA-wp9w-2vp9-wg66: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on2022-05-24
OSV
wpa vulnerabilities2021-02-16
OSV
wpa vulnerabilities2021-02-11
OSV
minidlna vulnerabilities2021-02-04
OSV
CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on2020-06-08

🔍Detection Rules

2
Suricata
ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)2020-06-15
Suricata
ET SCAN UPnP SUBSCRIBE Inbound - Possible CallStranger Scan (CVE-2020-12695)2020-06-09

📋Vendor Advisories

6
Ubuntu
wpa_supplicant and hostapd vulnerabilities2021-02-16
Ubuntu
wpa_supplicant and hostapd vulnerabilities2021-02-11
Ubuntu
ReadyMedia (MiniDLNA) vulnerabilities2021-02-04
Ubuntu
GUPnP vulnerability2020-09-15
Red Hat
hostapd: UPnP SUBSCRIBE misbehavior in WPS AP2020-06-08

💬Community

3
Bugzilla
CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP [fedora-all]2020-06-10
Bugzilla
CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP2020-06-10
Bugzilla
CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP [epel-all]2020-06-10
CVE-2020-12695 — Incorrect Default Permissions | cvebase