logo
DATABASE RESOURCES PRICING ABOUT US

CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

Description

The CERT Coordination Center (CERT/CC) has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages vendors and internet service providers (ISPs) to review CERT/CC’s Vulnerability Note [VU#339275](< https://www.kb.cert.org/vuls/id/339275>) and implement the [updated specifications](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) provided by the Open Connectivity Framework. This product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy. **Please share your thoughts.** We recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/06/09/certcc-reports-vulnerability-universal-plug-and-play-protocol>); we'd welcome your feedback.


Related