Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20200701-01-UPNP
HistoryJul 01, 2020 - 12:00 a.m.

Security Advisory - CallStranger Vulnerability in UPnP Protocol

2020-07-0100:00:00
Huawei Technologies
www.huawei.com
75

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

0.005 Low

EPSS

Percentile

77.5%

There is an vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and is not enabled on the WAN side. (Vulnerability ID: HWPSIRT-2020-04132)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-12695.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en

Affected configurations

Vulners
Node
huaweie6878-370Match10.0.5.1
OR
huaweihuawei_firmwareMatch10.0.1.1
CPENameOperatorVersion
e6878-370eq10.0.5.1
h112-372eq10.0.1.1

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

0.005 Low

EPSS

Percentile

77.5%