openSUSE Security Update : minidlna (openSUSE-2020-2160)

2020-12-07T00:00:00

Description

This update for minidlna fixes the following issues : minidlna was updated to version 1.3.0 (boo#1179447) - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow negative HTTP chunk lengths. [CVE-2020-28926] - Validate SUBSCRIBE callback URL. [CVE-2020-12695] - Fixed spurious warnings with ogg coverart - Fixed an issue with VLC where browse results would be truncated. - Fixed bookmarks on Samsung Q series - Added DSD file support. - Fixed potential stack smash vulnerability in getsyshwaddr on macOS. - Will now reload the log file on SIGHUP. - Worked around bad SearchCriteria from the Control4 Android app. - Increased max supported network addresses to 8. - Added forced alphasort capability. - Added episode season and number metadata support. - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option. - Fixed discovery when connected to certain WiFi routers. - Added FreeBSD kqueue support. - Added the ability to set the group to run as.

{"id": "OPENSUSE-2020-2160.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : minidlna (openSUSE-2020-2160)", "description": "This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4 Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.", "published": "2020-12-07T00:00:00", "modified": "2022-05-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/143514", "reporter": "This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926", "https://bugzilla.opensuse.org/show_bug.cgi?id=1179447", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695"], "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "immutableFields": [], "lastseen": "2022-06-23T15:15:31", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1789"]}, {"type": "archlinux", "idList": ["ASA-202012-15", "ASA-202012-16"]}, {"type": "attackerkb", "idList": ["AKB:DB7D4D6F-62DF-4B24-B7A1-C8B584415E20"]}, {"type": "cert", "idList": ["VU:339275"]}, {"type": "cisa", "idList": ["CISA:74EFEC5277573BE85C62E67E38E79292"]}, {"type": "cve", "idList": ["CVE-2020-12695", "CVE-2020-28926"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2315-1:5392C", "DEBIAN:DLA-2315-1:6010C", "DEBIAN:DLA-2318-1:45FB2", "DEBIAN:DLA-2318-1:520EC", "DEBIAN:DLA-2489-1:3AE0D", "DEBIAN:DSA-4806-1:B822C", "DEBIAN:DSA-4898-1:31848", "DEBIAN:DSA-4898-1:A816A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-12695", "DEBIANCVE:CVE-2020-28926"]}, {"type": "fedora", "idList": ["FEDORA:0B46530DA8F6", "FEDORA:220BE30995DA", "FEDORA:84CF8310A07C", "FEDORA:9F8A130DA8F9", "FEDORA:A8437308DCC4"]}, {"type": "githubexploit", "idList": ["4C38E174-1CE3-5FBF-A67F-3C932DD0F7EA", "BE8163ED-A55D-547F-A284-5B1D252ABFC9", "C18EF8FF-84A8-5937-AEA3-C2D3D08F9F65"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200701-01-UPNP"]}, {"type": "mageia", "idList": ["MGASA-2020-0304", "MGASA-2020-0483"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1F038DB7EFBB36EF80C56CAFA6D41B90"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-1789.NASL", "CENTOS8_RHSA-2021-1789.NASL", "DEBIAN_DLA-2315.NASL", "DEBIAN_DLA-2318.NASL", "DEBIAN_DLA-2489.NASL", "DEBIAN_DSA-4806.NASL", "DEBIAN_DSA-4898.NASL", "EULEROS_SA-2020-1981.NASL", "EULEROS_SA-2020-2276.NASL", "EULEROS_SA-2020-2477.NASL", "EULEROS_SA-2021-1131.NASL", "EULEROS_SA-2021-1372.NASL", "FEDORA_2020-1F7FC0D0C9.NASL", "FEDORA_2020-DF3E1CFDE9.NASL", "FEDORA_2020-E538E3E526.NASL", "NEWSTART_CGSL_NS-SA-2022-0060_GUPNP.NASL", "NEWSTART_CGSL_NS-SA-2022-0065_GSSDP.NASL", "OPENSUSE-2020-2194.NASL", "OPENSUSE-2021-519.NASL", "ORACLELINUX_ELSA-2021-1789.NASL", "REDHAT-RHSA-2021-1789.NASL", "SLACKWARE_SSA_2021-362-01.NASL", "UBUNTU_USN-4494-1.NASL", "UBUNTU_USN-4722-1.NASL", "UBUNTU_USN-4734-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310878022", "OPENVAS:1361412562310878034", "OPENVAS:1361412562310878036"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1789"]}, {"type": "osv", "idList": ["OSV:DLA-2315-1", "OSV:DLA-2318-1", "OSV:DLA-2489-1", "OSV:DSA-4806-1", "OSV:DSA-4898-1"]}, {"type": "redhat", "idList": ["RHSA-2021:1789"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-12695"]}, {"type": "slackware", "idList": ["SSA-2021-362-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2160-1", "OPENSUSE-SU-2020:2194-1", "OPENSUSE-SU-2020:2204-1", "OPENSUSE-SU-2020:2226-1", "OPENSUSE-SU-2021:0519-1", "OPENSUSE-SU-2021:0545-1"]}, {"type": "thn", "idList": ["THN:9359327FB0FF84D47C4321156FD64C6B"]}, {"type": "ubuntu", "idList": ["USN-4494-1", "USN-4722-1", "USN-4734-1", "USN-4734-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-12695", "UB:CVE-2020-28926"]}, {"type": "veracode", "idList": ["VERACODE:26264", "VERACODE:28507"]}]}, "score": {"value": -0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1789"]}, {"type": "archlinux", "idList": ["ASA-202012-15", "ASA-202012-16"]}, {"type": "attackerkb", "idList": ["AKB:DB7D4D6F-62DF-4B24-B7A1-C8B584415E20"]}, {"type": "cisa", "idList": ["CISA:74EFEC5277573BE85C62E67E38E79292"]}, {"type": "cve", "idList": ["CVE-2020-12695"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2315-1:6010C", "DEBIAN:DLA-2318-1:45FB2", "DEBIAN:DLA-2489-1:3AE0D", "DEBIAN:DSA-4806-1:B822C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-12695"]}, {"type": "fedora", "idList": ["FEDORA:0B46530DA8F6", "FEDORA:220BE30995DA", "FEDORA:84CF8310A07C", "FEDORA:9F8A130DA8F9", "FEDORA:A8437308DCC4"]}, {"type": "githubexploit", "idList": ["4C38E174-1CE3-5FBF-A67F-3C932DD0F7EA", "C18EF8FF-84A8-5937-AEA3-C2D3D08F9F65"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200701-01-UPNP"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1F038DB7EFBB36EF80C56CAFA6D41B90"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-1789.NASL", "DEBIAN_DLA-2315.NASL", "DEBIAN_DLA-2489.NASL", "DEBIAN_DSA-4806.NASL", "FEDORA_2020-1F7FC0D0C9.NASL", "FEDORA_2020-DF3E1CFDE9.NASL", "OPENSUSE-2020-2194.NASL", "ORACLELINUX_ELSA-2021-1789.NASL", "REDHAT-RHSA-2021-1789.NASL", "SLACKWARE_SSA_2021-362-01.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310878022", "OPENVAS:1361412562310878034", "OPENVAS:1361412562310878036"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1789"]}, {"type": "redhat", "idList": ["RHSA-2021:1789"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-12695"]}, {"type": "slackware", "idList": ["SSA-2021-362-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2160-1", "OPENSUSE-SU-2020:2194-1", "OPENSUSE-SU-2020:2204-1", "OPENSUSE-SU-2020:2226-1", "OPENSUSE-SU-2021:0519-1", "OPENSUSE-SU-2021:0545-1"]}, {"type": "thn", "idList": ["THN:9359327FB0FF84D47C4321156FD64C6B"]}, {"type": "ubuntu", "idList": ["USN-4494-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-28926"]}]}, "exploitation": null, "vulnersScore": -0.7}, "_state": {"dependencies": 1659998956, "score": 1659890495}, "_internal": {"score_hash": "8fef9e388c96ed0102832be2f055c554"}, "pluginID": "143514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2160.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n script_name(english:\"openSUSE Security Update : minidlna (openSUSE-2020-2160)\");\n script_summary(english:\"Check for the openSUSE-2020-2160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly\n name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be\n truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in\n getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4\n Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients,\n and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179447\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected minidlna packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-1.3.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-debuginfo-1.3.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-debugsource-1.3.0-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"minidlna / minidlna-debuginfo / minidlna-debugsource\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:minidlna", "p-cpe:/a:novell:opensuse:minidlna-debuginfo", "p-cpe:/a:novell:opensuse:minidlna-debugsource", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected minidlna packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-12695", "vpr": {"risk factor": "High", "score": "7.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-12-04T00:00:00", "vulnerabilityPublicationDate": "2020-06-08T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2022-06-23T15:13:47", "description": "It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the'CallStranger' UPnP vulnerability.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "Debian DSA-4806-1 : minidlna - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:minidlna", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4806.NASL", "href": "https://www.tenable.com/plugins/nessus/143544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4806. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143544);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n script_xref(name:\"DSA\", value:\"4806\");\n\n script_name(english:\"Debian DSA-4806-1 : minidlna - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to\nthe'CallStranger' UPnP vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4806\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the minidlna packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1.2.1+dfsg-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"minidlna\", reference:\"1.2.1+dfsg-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:14:23", "description": "This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4 Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : minidlna (openSUSE-2020-2194)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:minidlna", "p-cpe:/a:novell:opensuse:minidlna-debuginfo", "p-cpe:/a:novell:opensuse:minidlna-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2194.NASL", "href": "https://www.tenable.com/plugins/nessus/143548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2194.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143548);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n script_name(english:\"openSUSE Security Update : minidlna (openSUSE-2020-2194)\");\n script_summary(english:\"Check for the openSUSE-2020-2194 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly\n name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be\n truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in\n getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4\n Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients,\n and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179447\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected minidlna packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-1.3.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-debuginfo-1.3.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-debugsource-1.3.0-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"minidlna / minidlna-debuginfo / minidlna-debugsource\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:14:18", "description": "It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.1.6+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-11T00:00:00", "type": "nessus", "title": "Debian DLA-2489-1 : minidlna security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:minidlna", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2489.NASL", "href": "https://www.tenable.com/plugins/nessus/144092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2489-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144092);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n script_name(english:\"Debian DLA-2489-1 : minidlna security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\n'CallStranger' UPnP vulnerability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.6+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/minidlna\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected minidlna package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"minidlna\", reference:\"1.1.6+dfsg-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:47:32", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4722-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. (CVE-2020-28926)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ReadyMedia (MiniDLNA) vulnerabilities (USN-4722-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:minidlna"], "id": "UBUNTU_USN-4722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146209", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4722-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146209);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n script_xref(name:\"USN\", value:\"4722-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ReadyMedia (MiniDLNA) vulnerabilities (USN-4722-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has a package installed that is affected by multiple\nvulnerabilities as referenced in the USN-4722-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP\n HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in\n a buffer overflow in calls to memcpy/memmove. (CVE-2020-28926)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4722-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected minidlna package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:minidlna\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'minidlna', 'pkgver': '1.1.5+dfsg-2ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-1ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-1ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-2ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'minidlna');\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:44:23", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:gssdp", "p-cpe:/a:alma:linux:gssdp-devel", "p-cpe:/a:alma:linux:gssdp-docs", "p-cpe:/a:alma:linux:gupnp-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/157724", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1789.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157724);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"ALSA\", value:\"2021:1789\");\n\n script_name(english:\"AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1789.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gupnp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:49:19", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a vulnerability:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:gssdp", "p-cpe:/a:zte:cgsl_main:gssdp-debuginfo", "p-cpe:/a:zte:cgsl_main:gssdp-debugsource", "p-cpe:/a:zte:cgsl_main:gssdp-devel", "p-cpe:/a:zte:cgsl_main:gssdp-docs", "p-cpe:/a:zte:cgsl_main:gssdp-utils", "p-cpe:/a:zte:cgsl_main:gssdp-utils-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0065_GSSDP.NASL", "href": "https://www.tenable.com/plugins/nessus/160741", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0065. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a\nvulnerability:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0065\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gssdp packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'gssdp-1.0.5-1.el8',\n 'gssdp-debuginfo-1.0.5-1.el8',\n 'gssdp-debugsource-1.0.5-1.el8',\n 'gssdp-devel-1.0.5-1.el8',\n 'gssdp-docs-1.0.5-1.el8',\n 'gssdp-utils-1.0.5-1.el8',\n 'gssdp-utils-debuginfo-1.0.5-1.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:00:55", "description": "Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version 1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gupnp\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Debian DLA-2315-1 : gupnp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-gupnp-1.0", "p-cpe:/a:debian:debian_linux:libgupnp-1.0-4", "p-cpe:/a:debian:debian_linux:libgupnp-1.0-dev", "p-cpe:/a:debian:debian_linux:libgupnp-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2315.NASL", "href": "https://www.tenable.com/plugins/nessus/139388", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2315-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139388);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"Debian DLA-2315-1 : gupnp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Yunus Çadırcı found an issue in the SUBSCRIBE\nmethod of UPnP, a network protocol for devices to automatically\ndiscover and communicate with each other. Insuficient checks on this\nmethod allowed attackers to use vulnerable UPnP services for DoS\nattacks or possibly to bypass firewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/gupnp\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/gupnp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/gupnp\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-gupnp-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgupnp-1.0-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgupnp-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgupnp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-gupnp-1.0\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-1.0-4\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-1.0-dev\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-doc\", reference:\"1.0.1-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:57:31", "description": "Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Fedora 31 : gssdp / gupnp (2020-e538e3e526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gssdp", "p-cpe:/a:fedoraproject:fedora:gupnp", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-E538E3E526.NASL", "href": "https://www.tenable.com/plugins/nessus/138243", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e538e3e526.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138243);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-e538e3e526\");\n\n script_name(english:\"Fedora 31 : gssdp / gupnp (2020-e538e3e526)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e538e3e526\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected gssdp and / or gupnp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"gssdp-1.0.4-1.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"gupnp-1.0.5-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gssdp / gupnp\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:55:42", "description": "Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-06T00:00:00", "type": "nessus", "title": "Fedora 32 : gssdp / gupnp (2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gssdp", "p-cpe:/a:fedoraproject:fedora:gupnp", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-1F7FC0D0C9.NASL", "href": "https://www.tenable.com/plugins/nessus/138109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-1f7fc0d0c9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138109);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n\n script_name(english:\"Fedora 32 : gssdp / gupnp (2020-1f7fc0d0c9)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f7fc0d0c9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected gssdp and / or gupnp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"gssdp-1.0.4-1.fc32\")) flag++;\nif (rpm_check(release:\"FC32\", reference:\"gupnp-1.0.5-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gssdp / gupnp\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:58:25", "description": "Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-06T00:00:00", "type": "nessus", "title": "Fedora 32 : hostapd (2020-df3e1cfde9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-DF3E1CFDE9.NASL", "href": "https://www.tenable.com/plugins/nessus/138120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-df3e1cfde9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-df3e1cfde9\");\n\n script_name(english:\"Fedora 32 : hostapd (2020-df3e1cfde9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-df3e1cfde9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"hostapd-2.9-4.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:03:30", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4494-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-09-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : GUPnP vulnerability (USN-4494-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-gupnp-1.2", "p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-0", "p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-dev"], "id": "UBUNTU_USN-4494-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4494-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140590);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"USN\", value:\"4494-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : GUPnP vulnerability (USN-4494-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the\nUSN-4494-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4494-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gir1.2-gupnp-1.2, libgupnp-1.2-0 and / or libgupnp-1.2-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-gupnp-1.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-gupnp-1.2', 'pkgver': '1.2.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libgupnp-1.2-0', 'pkgver': '1.2.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libgupnp-1.2-dev', 'pkgver': '1.2.3-0ubuntu0.20.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-gupnp-1.2 / libgupnp-1.2-0 / libgupnp-1.2-dev');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:11:45", "description": "According to the version of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2020-2477.NASL", "href": "https://www.tenable.com/plugins/nessus/142553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142553);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2477\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65e3f8e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:09:50", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2276.NASL", "href": "https://www.tenable.com/plugins/nessus/142089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d755d80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:04:10", "description": "According to the version of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : wpa_supplicant (EulerOS-SA-2020-1981)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1981.NASL", "href": "https://www.tenable.com/plugins/nessus/140351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140351);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : wpa_supplicant (EulerOS-SA-2020-1981)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1981\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ac7aba5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:46:37", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1372.NASL", "href": "https://www.tenable.com/plugins/nessus/146724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146724);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1372\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb2a9dd9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:15", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : gssdp and gupnp (RHSA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:gssdp", "p-cpe:/a:redhat:enterprise_linux:gssdp-devel", "p-cpe:/a:redhat:enterprise_linux:gssdp-docs", "p-cpe:/a:redhat:enterprise_linux:gupnp", "p-cpe:/a:redhat:enterprise_linux:gupnp-devel"], "id": "REDHAT-RHSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149658", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1789. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149658);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"RHSA\", value:\"2021:1789\");\n\n script_name(english:\"RHEL 8 : gssdp and gupnp (RHSA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846006\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 400, 918);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:52", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : gssdp and gupnp (CESA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:gssdp", "p-cpe:/a:centos:centos:gssdp-devel", "p-cpe:/a:centos:centos:gssdp-docs", "p-cpe:/a:centos:centos:gupnp", "p-cpe:/a:centos:centos:gupnp-devel"], "id": "CENTOS8_RHSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149763", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1789. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149763);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"RHSA\", value:\"2021:1789\");\n\n script_name(english:\"CentOS 8 : gssdp and gupnp (CESA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:32", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:gssdp", "p-cpe:/a:oracle:linux:gssdp-devel", "p-cpe:/a:oracle:linux:gssdp-docs", "p-cpe:/a:oracle:linux:gupnp", "p-cpe:/a:oracle:linux:gupnp-devel"], "id": "ORACLELINUX_ELSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1789.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149916);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1789.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:44:20", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/145214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145214);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1131\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?949bf168\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:48:20", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. (CVE-2021-33516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-33516"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:gupnp", "p-cpe:/a:zte:cgsl_main:gupnp-debuginfo", "p-cpe:/a:zte:cgsl_main:gupnp-debugsource", "p-cpe:/a:zte:cgsl_main:gupnp-devel", "p-cpe:/a:zte:cgsl_main:gupnp-docs", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0060_GUPNP.NASL", "href": "https://www.tenable.com/plugins/nessus/160727", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0060. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160727);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-33516\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple\nvulnerabilities:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A\n remote web server can exploit this vulnerability to trick a victim's browser into triggering actions\n against local UPnP services implemented using this library. Depending on the affected service, this could\n be used for data exfiltration, data tempering, etc. (CVE-2021-33516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0060\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12695\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33516\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gupnp packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33516\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'gupnp-1.0.6-2.el8_4',\n 'gupnp-debuginfo-1.0.6-2.el8_4',\n 'gupnp-debugsource-1.0.6-2.el8_4',\n 'gupnp-devel-1.0.6-2.el8_4',\n 'gupnp-docs-1.0.6-2.el8_4'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gupnp');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T16:01:33", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4734-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerabilities (USN-4734-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:hostapd", "p-cpe:/a:canonical:ubuntu_linux:wpagui", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant-udeb"], "id": "UBUNTU_USN-4734-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146437", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4734-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146437);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-0326\");\n script_xref(name:\"USN\", value:\"4734-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerabilities (USN-4734-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4734-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4734-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant-udeb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'hostapd', 'pkgver': '1:2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpagui', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpasupplicant', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '18.04', 'pkgname': 'hostapd', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpagui', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '20.04', 'pkgname': 'hostapd', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpagui', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.10', 'pkgname': 'hostapd', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpagui', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.9-1ubuntu8.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hostapd / wpagui / wpasupplicant / wpasupplicant-udeb');\n}", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T00:00:54", "description": "The following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\nhostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.\n\nCVE-2020-12695\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version 2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-08-10T00:00:00", "type": "nessus", "title": "Debian DLA-2318-1 : wpa security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hostapd", "p-cpe:/a:debian:debian_linux:wpagui", "p-cpe:/a:debian:debian_linux:wpasupplicant", "p-cpe:/a:debian:debian_linux:wpasupplicant-udeb", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2318.NASL", "href": "https://www.tenable.com/plugins/nessus/139429", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2318-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139429);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2019-10064\", \"CVE-2020-12695\");\n\n script_name(english:\"Debian DLA-2318-1 : wpa security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\nhostapd before 2.6, in EAP mode, makes calls to the rand() and\nrandom() standard library functions without any preceding srand() or\nsrandom() call, which results in inappropriate use of deterministic\nvalues. This was fixed in conjunction with CVE-2016-10743.\n\nCVE-2020-12695\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17\ndoes not forbid the acceptance of a subscription request with a\ndelivery URL on a different network segment than the fully qualified\nevent-subscription URL, aka the CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/wpa\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hostapd\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpagui\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.4-1+deb9u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:50:39", "description": "This update for hostapd fixes the following issues :\n\n - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (boo#1172700)\n\n - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934) \n\n - added AppArmor profile (source apparmor-usr.sbin.hostapd)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-04-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : hostapd (openSUSE-2021-519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-30004"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:hostapd", "p-cpe:/a:novell:opensuse:hostapd-debuginfo", "p-cpe:/a:novell:opensuse:hostapd-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-519.NASL", "href": "https://www.tenable.com/plugins/nessus/148411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-519.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148411);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2019-16275\", \"CVE-2020-12695\", \"CVE-2021-30004\");\n\n script_name(english:\"openSUSE Security Update : hostapd (openSUSE-2021-519)\");\n script_summary(english:\"Check for the openSUSE-2021-519 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for hostapd fixes the following issues :\n\n - CVE-2021-30004: forging attacks may occur because\n AlgorithmIdentifier parameters are mishandled in\n tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd\n WPS AP (boo#1172700)\n\n - CVE-2019-16275: AP mode PMF disconnection protection\n bypass (boo#1150934) \n\n - added AppArmor profile (source\n apparmor-usr.sbin.hostapd)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184348\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected hostapd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hostapd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hostapd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"hostapd-2.9-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"hostapd-debuginfo-2.9-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"hostapd-debugsource-2.9-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd / hostapd-debuginfo / hostapd-debugsource\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T16:14:20", "description": "Several vulnerabilities have been discovered in wpa_supplicant and hostapd.\n\n - CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service.\n\n - CVE-2021-0326 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.\n\n - CVE-2021-27803 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests.\n An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-23T00:00:00", "type": "nessus", "title": "Debian DSA-4898-1 : wpa - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wpa", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4898.NASL", "href": "https://www.tenable.com/plugins/nessus/148967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4898. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148967);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/27\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-0326\", \"CVE-2021-27803\");\n script_xref(name:\"DSA\", value:\"4898\");\n\n script_name(english:\"Debian DSA-4898-1 : wpa - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\n - CVE-2020-12695\n It was discovered that hostapd does not properly handle\n UPnP subscribe messages under certain conditions,\n allowing an attacker to cause a denial of service.\n\n - CVE-2021-0326\n It was discovered that wpa_supplicant does not properly\n process P2P (Wi-Fi Direct) group information from active\n group owners. An attacker within radio range of the\n device running P2P could take advantage of this flaw to\n cause a denial of service or potentially execute\n arbitrary code.\n\n - CVE-2021-27803\n It was discovered that wpa_supplicant does not properly\n process P2P (Wi-Fi Direct) provision discovery requests.\n An attacker within radio range of the device running P2P\n could take advantage of this flaw to cause a denial of\n service or potentially execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-0326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-27803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4898\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the wpa packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2:2.7+git20190128+0c1e29f-6+deb10u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"hostapd\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpagui\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:35:19", "description": "The version of wpa_supplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory.\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. (CVE-2019-16275)\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\n - In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741 (CVE-2021-0535)\n\n - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. (CVE-2021-27803)\n\n - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-0326", "CVE-2021-0535", "CVE-2021-27803", "CVE-2021-30004"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:wpa_supplicant", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2021-362-01.NASL", "href": "https://www.tenable.com/plugins/nessus/156338", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2021-362-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156338);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2019-16275\",\n \"CVE-2020-12695\",\n \"CVE-2021-0326\",\n \"CVE-2021-0535\",\n \"CVE-2021-27803\",\n \"CVE-2021-30004\"\n );\n\n script_name(english:\"Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to wpa_supplicant.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of wpa_supplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2021-362-01 advisory.\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in\n certain situations because source address validation is mishandled. This is a denial of service that\n should have been prevented by PMF (aka management frame protection). The attacker must send a crafted\n 802.11 frame from a location that is within the 802.11 communications range. (CVE-2019-16275)\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\n - In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use\n after free. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741\n (CVE-2021-0535)\n\n - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi\n Direct) provision discovery requests. It could result in denial of service or other impact (potentially\n execution of arbitrary code), for an attacker within radio range. (CVE-2021-27803)\n\n - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are\n mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'i486' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'i486' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'i586' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '8', 'arch' : 'i586' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '8', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-03-26T18:57:57", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2489-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Thorsten Alteholz\nDecember 10, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : minidlna\nVersion : 1.1.6+dfsg-1+deb9u1\nCVE ID : CVE-2020-12695 CVE-2020-28926\n\n\nIt was discovered that missing input validation in minidlna, a lightweight \nDLNA/UPnP-AV server could result in the execution of arbitrary code. In \naddition minidlna was susceptible to the "CallStranger" UPnP \nvulnerability.\n\n\n\nFor Debian 9 stretch, these problems have been fixed in version \n1.1.6+dfsg-1+deb9u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T21:27:37", "type": "debian", "title": "[SECURITY] [DLA 2489-1] minidlna security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-10T21:27:37", "id": "DEBIAN:DLA-2489-1:3AE0D", "href": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-02-16T11:28:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4806-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 07, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : minidlna\nCVE ID : CVE-2020-12695 CVE-2020-28926\nDebian Bug : 976594 976595\n\nIt was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\n"CallStranger" UPnP vulnerability.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.2.1+dfsg-2+deb10u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-07T21:38:44", "type": "debian", "title": "[SECURITY] [DSA 4806-1] minidlna security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-07T21:38:44", "id": "DEBIAN:DSA-4806-1:B822C", "href": "https://lists.debian.org/debian-security-announce/2020/msg00213.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-10-22T11:18:35", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2315-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nAugust 06, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : gupnp\nVersion : 1.0.1-1+deb9u1\nCVE ID : CVE-2020-12695\n\nYunus \u00c7ad\u0131rc\u0131 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. Insuficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gupnp\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-08-06T17:27:49", "type": "debian", "title": "[SECURITY] [DLA 2315-1] gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-06T17:27:49", "id": "DEBIAN:DLA-2315-1:5392C", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-01T03:00:57", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2315-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nAugust 06, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : gupnp\nVersion : 1.0.1-1+deb9u1\nCVE ID : CVE-2020-12695\n\nYunus \u00c7ad\u0131rc\u0131 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. Insuficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gupnp\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-08-06T17:27:49", "type": "debian", "title": "[SECURITY] [DLA 2315-1] gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-06T17:27:49", "id": "DEBIAN:DLA-2315-1:6010C", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-02-16T23:32:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4898-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 22, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2020-12695 CVE-2021-0326 CVE-2021-27803\nDebian Bug : 976106 981971\n\nSeveral vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-04-22T18:52:18", "type": "debian", "title": "[SECURITY] [DSA 4898-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-22T18:52:18", "id": "DEBIAN:DSA-4898-1:A816A", "href": "https://lists.debian.org/debian-security-announce/2021/msg00079.html", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T18:16:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4898-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 22, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2020-12695 CVE-2021-0326 CVE-2021-27803\nDebian Bug : 976106 981971\n\nSeveral vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-04-22T18:52:18", "type": "debian", "title": "[SECURITY] [DSA 4898-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-22T18:52:18", "id": "DEBIAN:DSA-4898-1:31848", "href": "https://lists.debian.org/debian-security-announce/2021/msg00079.html", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:18:31", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2318-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nAugust 09, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : wpa\nVersion : 2:2.4-1+deb9u7\nCVE ID : CVE-2019-10064 CVE-2020-12695\n\nThe following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\n hostapd before 2.6, in EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. This was fixed in conjunction\n with CVE-2016-10743.\n\nCVE-2020-12695\n\n The Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-08-08T20:43:17", "type": "debian", "title": "[SECURITY] [DLA 2318-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-08T20:43:17", "id": "DEBIAN:DLA-2318-1:520EC", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-24T16:18:54", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2318-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nAugust 09, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : wpa\nVersion : 2:2.4-1+deb9u7\nCVE ID : CVE-2019-10064 CVE-2020-12695\n\nThe following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\n hostapd before 2.6, in EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. This was fixed in conjunction\n with CVE-2016-10743.\n\nCVE-2020-12695\n\n The Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-08-08T20:43:17", "type": "debian", "title": "[SECURITY] [DLA 2318-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-08T20:43:17", "id": "DEBIAN:DLA-2318-1:45FB2", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "suse": [{"lastseen": "2022-04-21T22:47:51", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-2226=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-10T00:00:00", "id": "OPENSUSE-SU-2020:2226-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7S45AUDAZDSITTGVELYZ3FY6T7HMLOED/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-03T03:59:29", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-2204=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-08T00:00:00", "id": "OPENSUSE-SU-2020:2204-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SNZKSW2K4W6JRPVMJ5SOHHDWS6UI5LAZ/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2194=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-07T00:00:00", "id": "OPENSUSE-SU-2020:2194-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TSSIKL5YFHBGYOJ3SQBDZNPPVD4OU4WF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-21T22:47:51", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2160=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-04T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-04T00:00:00", "id": "OPENSUSE-SU-2020:2160-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A2GHF3UJM6D2JSKELXMJY57IRWK3PJM3/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for hostapd fixes the following issues:\n\n - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier\n parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP\n (boo#1172700)\n - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934)\n\n - added AppArmor profile (source apparmor-usr.sbin.hostapd)\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-545=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-12T00:00:00", "type": "suse", "title": "Security update for hostapd (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-30004"], "modified": "2021-04-12T00:00:00", "id": "OPENSUSE-SU-2021:0545-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7GHTARPJSUMITH7M3ESWRIZUIYW5UAM6/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-03T03:59:15", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for hostapd fixes the following issues:\n\n - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier\n parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP\n (boo#1172700)\n - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934)\n\n - added AppArmor profile (source apparmor-usr.sbin.hostapd)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-519=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-09T00:00:00", "type": "suse", "title": "Security update for hostapd (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-30004"], "modified": "2021-04-09T00:00:00", "id": "OPENSUSE-SU-2021:0519-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXT3Y5NEGCCPGZ7FTYURPUBTHNNJA6MF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695). Minidlna before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove (CVE-2020-28926). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-31T14:32:44", "type": "mageia", "title": "Updated minidlna packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-31T14:32:44", "id": "MGASA-2020-0483", "href": "https://advisories.mageia.org/MGASA-2020-0483.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-07-31T23:25:42", "type": "mageia", "title": "Updated gssdp/gupnp packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-31T23:25:42", "id": "MGASA-2020-0304", "href": "https://advisories.mageia.org/MGASA-2020-0304.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:19:01", "description": "\nIt was discovered that missing input validation in minidlna, a lightweight\nDLNA/UPnP-AV server could result in the execution of arbitrary code. In\naddition minidlna was susceptible to the CallStranger UPnP\nvulnerability.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.6+dfsg-1+deb9u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/minidlna>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "osv", "title": "minidlna - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-08-05T05:18:59", "id": "OSV:DLA-2489-1", "href": "https://osv.dev/vulnerability/DLA-2489-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T07:07:07", "description": "\nIt was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\nCallStranger UPnP vulnerability.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.2.1+dfsg-2+deb10u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/minidlna](https://security-tracker.debian.org/tracker/minidlna)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "osv", "title": "minidlna - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-08-10T07:07:04", "id": "OSV:DSA-4806-1", "href": "https://osv.dev/vulnerability/DSA-4806-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-21T08:16:40", "description": "\nYunus \u0102\u0087ad\u00c4\u0105rc\u00c4\u0105 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. Insufficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\n\nWe recommend that you upgrade your gupnp packages.\n\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/gupnp>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-08-06T00:00:00", "type": "osv", "title": "gupnp - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-21T05:53:18", "id": "OSV:DLA-2315-1", "href": "https://osv.dev/vulnerability/DLA-2315-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-21T08:16:40", "description": "\nThe following CVE(s) have been reported against src:wpa.\n\n\n* [CVE-2019-10064](https://security-tracker.debian.org/tracker/CVE-2019-10064)\nhostapd before 2.6, in EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. This was fixed in conjunction\n with [CVE-2016-10743](https://security-tracker.debian.org/tracker/CVE-2016-10743).\n* [CVE-2020-12695](https://security-tracker.debian.org/tracker/CVE-2020-12695)\nThe Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/wpa>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-09T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2022-07-21T05:53:18", "id": "OSV:DLA-2318-1", "href": "https://osv.dev/vulnerability/DLA-2318-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T07:19:53", "description": "\nSeveral vulnerabilities have been discovered in wpa\\_supplicant and\nhostapd.\n\n\n* [CVE-2020-12695](https://security-tracker.debian.org/tracker/CVE-2020-12695)\nIt was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n* [CVE-2021-0326](https://security-tracker.debian.org/tracker/CVE-2021-0326)\nIt was discovered that wpa\\_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n* [CVE-2021-27803](https://security-tracker.debian.org/tracker/CVE-2021-27803)\nIt was discovered that wpa\\_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/wpa>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-22T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2022-08-10T07:19:51", "id": "OSV:DSA-4898-1", "href": "https://osv.dev/vulnerability/DSA-4898-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T10:59:45", "description": "It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with \na delivery URL on a different network segment than the fully qualified event- \nsubscription URL. An attacker could use this to hijack smart devices and cause \ndenial of service attacks. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. \nA remote attacker could send a malicious UPnP HTTP request to the service \nusing HTTP chunked encoding and cause a denial of service. \n(CVE-2020-28926)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "ubuntu", "title": "ReadyMedia (MiniDLNA) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2021-02-04T00:00:00", "id": "USN-4722-1", "href": "https://ubuntu.com/security/notices/USN-4722-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-04T11:14:44", "description": "It was discovered that GUPnP incorrectly handled certain subscription \nrequests. A remote attacker could possibly use this issue to exfiltrate \ndata or use GUPnP to perform DDoS attacks.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-09-15T00:00:00", "type": "ubuntu", "title": "GUPnP vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-09-15T00:00:00", "id": "USN-4494-1", "href": "https://ubuntu.com/security/notices/USN-4494-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-04T10:58:45", "description": "It was discovered that wpa_supplicant did not properly handle P2P \n(Wi-Fi Direct) group information in some situations, leading to a \nheap overflow. A physically proximate attacker could use this to cause a \ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe \nmessages in some circumstances. An attacker could use this to cause a \ndenial of service. (CVE-2020-12695)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-02-11T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-11T00:00:00", "id": "USN-4734-1", "href": "https://ubuntu.com/security/notices/USN-4734-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T10:58:34", "description": "USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This \nupdate provides the corresponding update for Ubuntu 14.04 ESM.\n\nIt was discovered that wpa_supplicant did not properly handle P2P \n(Wi-Fi Direct) group information in some situations, leading to a \nheap overflow. A physically proximate attacker could use this to cause a \ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe \nmessages in some circumstances. An attacker could use this to cause a \ndenial of service. (CVE-2020-12695)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-02-16T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-16T00:00:00", "id": "USN-4734-2", "href": "https://ubuntu.com/security/notices/USN-4734-2", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-08-06T08:03:29", "description": "ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-30T18:15:00", "type": "cve", "title": "CVE-2020-28926", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2022-08-06T03:48:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-28926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28926", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:35:21", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T17:15:00", "type": "cve", "title": "CVE-2020-12695", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-04-23T00:15:00", "cpe": ["cpe:/h:hp:envy_4509_d3p94a:-", "cpe:/h:hp:deskjet_ink_advantage_5575_g0v48b:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4535_f0v64b:-", "cpe:/h:hp:hp_envy_4516_k9h52a:-", "cpe:/h:hp:envy_5000_m2u94b:-", "cpe:/h:hp:envy_110_cq809a:-", "cpe:/h:epson:xp-8600:-", "cpe:/h:hp:hp_officejet_4655_f1j00a:-", "cpe:/h:hp:envy_5541_k7g89a:-", "cpe:/h:epson:xp-702:-", "cpe:/h:hp:envy_5000_z4a74a:-", "cpe:/h:hp:envy_100_cn517c:-", "cpe:/h:hp:envy_5540_g0v53a:-", "cpe:/h:hp:envy_6540_b9s59a:-", "cpe:/h:hp:hp_envy_4528_k9t08b:-", "cpe:/h:hp:envy_photo_7800_k7s10d:-", "cpe:/h:hp:envy_4513_k9h51a:-", "cpe:/h:hp:hp_officejet_4652_k9v84b:-", "cpe:/h:hp:deskjet_ink_advantage_4535_f0v64a:-", "cpe:/h:hp:envy_photo_7100_k7g99a:-", "cpe:/h:hp:hp_envy_4521_k9t10b:-", "cpe:/h:epson:xp-4105:-", "cpe:/h:hp:envy_6020_6wd35a:-", "cpe:/h:cisco:wap150:-", "cpe:/h:hp:envy_photo_7800_k7r96a:-", "cpe:/h:hp:envy_photo_6200_y0k15a:-", "cpe:/h:epson:ew-m970a3t:-", "cpe:/h:dell:b1165nfw:-", "cpe:/h:hp:envy_5548_k7g87a:-", "cpe:/h:hp:officejet_4650_f1h96b:-", "cpe:/h:hp:envy_5545_g0v50a:-", "cpe:/a:ui:unifi_controller:-", "cpe:/h:hp:envy_4509_d3p94b:-", "cpe:/h:hp:envy_110_cq809d:-", "cpe:/h:hp:officejet_4655_f1j00a:-", "cpe:/h:hp:5030_m2u92b:-", "cpe:/h:hp:envy_114_cq811a:-", "cpe:/h:hp:envy_120_cz022c:-", "cpe:/h:hp:deskjet_ink_advantage_3548_a9t81b:-", "cpe:/h:hp:envy_4503_e6g71b:-", "cpe:/h:hp:envy_6052_5se18a:-", "cpe:/h:hp:hp_envy_4520_f0v63b:-", "cpe:/o:microsoft:xbox_one:10.0.19041.2494", "cpe:/h:hp:envy_5540_k7c85a:-", "cpe:/h:hp:deskjet_ink_advantage_4676_f1h98a:-", "cpe:/h:epson:xp-620:-", "cpe:/h:canon:selphy_cp1200:-", "cpe:/h:hp:envy_114_cq811b:-", "cpe:/h:hp:deskjet_ink_advantage_4535_f0v64b:-", "cpe:/h:hp:hp_officejet_4655_k9v82b:-", "cpe:/h:hp:envy_100_cn517a:-", "cpe:/h:hp:envy_4512_k9h49a:-", "cpe:/h:hp:envy_4502_a9t87b:-", "cpe:/h:hp:envy_5642_b9s64a:-", "cpe:/h:hp:envy_pro_6420_5se45b:-", "cpe:/h:hp:envy_photo_6222_y0k13d:-", "cpe:/h:hp:envy_4520_e6g67a:-", "cpe:/h:hp:officejet_4654_f1j06b:-", "cpe:/h:hp:deskjet_ink_advantage_4515:-", "cpe:/h:hp:envy_4522_f0v67a:-", "cpe:/h:hp:envy_5539:-", "cpe:/h:hp:envy_pro_6420_5se46a:-", "cpe:/h:hp:hp_officejet_4652_f1j02a:-", "cpe:/h:hp:envy_5542_k7c88a:-", "cpe:/h:epson:xp-241:-", "cpe:/h:cisco:wap351:-", "cpe:/h:hp:envy_photo_7100_3xd89a:-", "cpe:/h:hp:envy_4524_f0v72b:-", "cpe:/h:hp:envy_100_cn518a:-", "cpe:/h:hp:envy_7644_e4w46a:-", "cpe:/h:hp:envy_photo_6232_k7g26b:-", "cpe:/h:hp:envy_110_cq809c:-", "cpe:/h:hp:envy_100_cn517b:-", "cpe:/h:hp:officejet_4652_k9v84b:-", "cpe:/h:hp:hp_officejet_4658_v6d30b:-", "cpe:/h:hp:hp_envy_4520_e6g67b:-", "cpe:/h:hp:hp_envy_4526_k9t05b:-", "cpe:/h:hp:officejet_4654_f1j07b:-", "cpe:/h:hp:envy_4500_a9t80b:-", "cpe:/h:netgear:wnhde111:-", "cpe:/h:epson:xp-970:-", "cpe:/h:hp:deskjet_ink_advantage_4678_f1h99b:-", "cpe:/h:hp:deskjet_ink_advantage_4675_f1h97a:-", "cpe:/h:zyxel:amg1202-t10b:-", "cpe:/h:hp:envy_4526_k9t05b:-", "cpe:/h:hp:envy_4525_k9t09b:-", "cpe:/h:hp:hp_envy_4513_k9h51a:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4535_f0v64a:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4676_f1h98a:-", "cpe:/h:hp:officejet_4657_v6d29b:-", "cpe:/h:hp:officejet_4655_k9v82b:-", "cpe:/h:epson:xp-2101:-", "cpe:/h:hp:envy_4507_e6g70b:-", "cpe:/h:hp:envy_5020_m2u91b:-", "cpe:/h:hp:hp_officejet_4657_v6d29b:-", "cpe:/h:hp:envy_photo_7164_k7g99a:-", "cpe:/h:hp:envy_photo_7100_k7g93a:-", "cpe:/h:hp:envy_5544_k7c93a:-", "cpe:/h:hp:envy_4500_a9t89a:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4675_f1h97c:-", "cpe:/h:d-link:dvg-n5412sp:-", "cpe:/h:hp:deskjet_ink_advantage_4675_f1h97b:-", "cpe:/h:hp:envy_4527_j6u61b:-", "cpe:/h:hp:deskjet_ink_advantage_3546_a9t82a:-", "cpe:/h:hp:deskjet_ink_advantage_4518:-", "cpe:/h:hp:envy_111_cq810a:-", "cpe:/h:hp:envy_4520_f0v69a:-", "cpe:/h:asus:rt-n11:-", "cpe:/h:hp:envy_photo_6252_k7g22a:-", "cpe:/h:hp:deskjet_ink_advantage_5575_g0v48c:-", "cpe:/h:hp:envy_5534:-", "cpe:/h:hp:envy_photo_6220_k7g20d:-", "cpe:/h:hp:envy_120_cz022a:-", "cpe:/h:hp:envy_100_cn519a:-", "cpe:/h:hp:envy_4504_a9t88b:-", "cpe:/h:hp:envy_4520_f0v63b:-", "cpe:/h:hp:envy_5544_k7c89a:-", "cpe:/h:hp:envy_5547_j6u64a:-", "cpe:/h:hp:envy_5640_b9s56a:-", "cpe:/h:hp:envy_4505_a9t86a:-", "cpe:/h:hp:officejet_4656_k9v81b:-", "cpe:/h:ruckussecurity:zonedirector_1200:-", "cpe:/h:hp:envy_4501_c8d05a:-", "cpe:/h:hp:officejet_4655_k9v79a:-", "cpe:/h:hp:envy_5540_g0v51a:-", "cpe:/h:hp:envy_6020_5se17a:-", "cpe:/h:hp:envy_5540_f2e72a:-", "cpe:/h:hp:envy_5644_b9s65a:-", "cpe:/h:hp:hp_envy_4520_f0v69a:-", "cpe:/h:hp:hp_envy_4527_j6u61b:-", "cpe:/h:hp:hp_envy_4523_j6u60b:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4678_f1h99b:-", "cpe:/h:tp-link:archer_c50:-", "cpe:/h:hp:hp_officejet_4650_f1h96b:-", "cpe:/h:hp:deskjet_ink_advantage_3456_a9t84c:-", "cpe:/h:hp:envy_120_cz022b:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4675_f1h97b:-", "cpe:/h:hp:officejet_4650_e6g87a:-", "cpe:/h:hp:envy_7645_e4w44a:-", "cpe:/h:hp:hp_officejet_4654_f1j06b:-", "cpe:/h:nec:wr8165n:-", "cpe:/h:hp:envy_5664_f8b08a:-", "cpe:/h:hp:envy_6020_7cz37a:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4538_f0v66b:-", "cpe:/h:hp:envy_5530:-", "cpe:/h:hp:envy_5531:-", "cpe:/h:hp:envy_photo_7100_z3m37a:-", "cpe:/h:hp:envy_4524_f0v71b:-", "cpe:/h:hp:envy_photo_7800_y0g42d:-", "cpe:/h:hp:envy_5540_g0v47a:-", "cpe:/h:hp:envy_photo_7822_y0g42d:-", "cpe:/h:hp:envy_pro_6420_6wd16a:-", "cpe:/h:huawei:hg532e:-", "cpe:/h:hp:envy_photo_7800_k7s00a:-", "cpe:/h:hp:envy_5665_f8b06a:-", "cpe:/h:hp:deskjet_ink_advantage_4535_f0v64c:-", "cpe:/h:hp:envy_4504_c8d04a:-", "cpe:/h:hp:officejet_4650_f1h96a:-", "cpe:/h:hp:envy_110_cq812c:-", "cpe:/h:hp:envy_100_cn519b:-", "cpe:/h:hp:deskjet_ink_advantage_4675_f1h97c:-", "cpe:/h:hp:envy_4500_a9t80a:-", "cpe:/h:hp:officejet_4652_f1j05b:-", "cpe:/h:hp:envy_114_cq812a:-", "cpe:/h:epson:xp-2105:-", "cpe:/h:zyxel:vmg8324-b10a:-", "cpe:/h:hp:envy_4523_j6u60b:-", "cpe:/h:hp:envy_4516_k9h52a:-", "cpe:/h:hp:hp_envy_4520_f0v63a:-", "cpe:/h:hp:hp_officejet_4655_k9v79a:-", "cpe:/h:epson:xp-960:-", "cpe:/h:hp:envy_5532:-", "cpe:/h:hp:envy_photo_6200_k7g18a:-", "cpe:/h:cisco:wap131:-", "cpe:/h:epson:xp-100:-", "cpe:/h:hp:envy_5546_k7c90a:-", "cpe:/h:hp:5034_z4a74a:-", "cpe:/h:hp:deskjet_ink_advantage_4538_f0v66b:-", "cpe:/h:hp:envy_photo_6220_k7g21b:-", "cpe:/h:hp:envy_photo_7120_z3m41d:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4536_f0v65a:-", "cpe:/h:zte:zxv10_w300:-", "cpe:/h:hp:deskjet_ink_advantage_3545_a9t81a:-", "cpe:/h:hp:deskjet_ink_advantage_3545_a9t83b:-", "cpe:/h:epson:ep-101:-", "cpe:/h:epson:xp-630:-", "cpe:/h:hp:hp_officejet_4650_f1h96a:-", "cpe:/h:hp:envy_photo_6234_k7s21b:-", "cpe:/h:hp:envy_4520_e6g67b:-", "cpe:/h:hp:envy_110_cq809b:-", "cpe:/h:hp:envy_photo_7830_y0g50b:-", "cpe:/h:hp:envy_photo_6222_y0k14d:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4535_f0v64c:-", "cpe:/h:broadcom:adsl:-", "cpe:/o:microsoft:windows_10:-", "cpe:/h:hp:envy_photo_6200_y0k13d_:-", "cpe:/h:hp:envy_4511_k9h50a:-", "cpe:/h:hp:5660_f8b04a:-", "cpe:/h:hp:envy_5540_g0v52a:-", "cpe:/h:hp:envy_5000_m2u85a:-", "cpe:/h:hp:hp_officejet_4650_e6g87a:-", "cpe:/h:hp:envy_photo_7100_z3m52a:-", "cpe:/h:epson:xp-4100:-", "cpe:/h:hp:envy_4520_f0v63a:-", "cpe:/h:hp:envy_photo_6230_k7g25b:-", "cpe:/h:hp:hp_envy_4525_k9t09b:-", "cpe:/h:epson:xp-8500:-", "cpe:/h:huawei:hg255s:-", "cpe:/h:hp:envy_5543_n9u88a:-", "cpe:/h:hp:envy_5640_b9s58a:-", "cpe:/h:hp:deskjet_ink_advantage_4536_f0v65a:-", "cpe:/h:hp:envy_photo_7822_y0g43d:-", "cpe:/h:hp:envy_pro_6452_5se47a:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4675_f1h97a:-", "cpe:/h:hp:envy_4521_k9t10b:-", "cpe:/h:epson:xp-440:-", "cpe:/h:hp:envy_5000_m2u85b:-", "cpe:/h:hp:envy_5000_m2u91a:-", "cpe:/h:hp:envy_pro_6455_5se45a:-", "cpe:/h:hp:hp_envy_4511_k9h50a:-", "cpe:/h:hp:envy_4528_k9t08b:-", "cpe:/h:hp:envy_4502_a9t85a:-", "cpe:/h:epson:xp-330:-", "cpe:/h:hp:hp_envy_4524_f0v72b:-", "cpe:/h:hp:hp_envy_4524_k9t01a:-", "cpe:/h:hp:5020_z4a69a:-", "cpe:/h:hp:envy_5643_b9s63a:-", "cpe:/h:hp:envy_6055_5se16a:-", "cpe:/h:hp:envy_4524_k9t01a:-", "cpe:/h:hp:envy_pro_6420_6wd14a:-", "cpe:/h:hp:envy_photo_7800_y0g52b:-", "cpe:/h:hp:hp_envy_4512_k9h49a:-", "cpe:/h:hp:envy_5536:-", "cpe:/h:hp:envy_photo_6200_k7s21b:-", "cpe:/h:hp:hp_envy_4522_f0v67a:-", "cpe:/h:epson:xp-340:-", "cpe:/h:hp:envy_5000_m2u91a:*", "cpe:/h:epson:m571t:-", "cpe:/h:hp:envy_photo_7155_z3m52a:-", "cpe:/h:hp:officejet_4652_f1j02a:-", "cpe:/h:hp:envy_photo_6200_k7g26b:-", "cpe:/h:hp:5030_z4a70a:-", "cpe:/h:hp:envy_4508_e6g72b:-", "cpe:/h:hp:officejet_4658_v6d30b:-", "cpe:/h:hp:envy_5535:-", "cpe:/h:hp:hp_envy_4520_e6g67a:-", "cpe:/h:hp:hp_officejet_4652_f1j05b:-", "cpe:/h:hp:hp_officejet_4654_f1j07b:-", "cpe:/h:hp:envy_5000_z4a54a:-", "cpe:/h:hp:envy_6020_5se16b:-", "cpe:/h:hp:envy_5646_f8b05a:-", "cpe:/h:epson:xp-320:-", "cpe:/h:hp:hp_officejet_4656_k9v81b:-", "cpe:/h:hp:deskjet_ink_advantage_3545_a9t81c:-", "cpe:/h:hp:hp_envy_4524_f0v71b:-", "cpe:/h:hp:envy_4500_d3p93a:-", "cpe:/h:hp:envy_7640:-"], "id": "CVE-2020-12695", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:h:hp:envy_6020_5se16b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_g0v52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:m571t:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4521_k9t10b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5643_b9s63a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4650_f1h96a:-:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5546_k7c90a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6222_y0k13d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_7644_e4w46a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4508_e6g72b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5545_g0v50a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4525_k9t09b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4655_f1j00a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5547_j6u64a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5544_k7c89a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5642_b9s64a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4520_f0v63b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-8600:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5020_m2u91b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-630:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6052_5se18a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:5030_z4a70a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6222_y0k14d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5532:-:*:*:*:*:*:*:*", "cpe:2.3:h:nec:wr8165n:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6220_k7g21b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5536:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-320:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4502_a9t85a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4507_e6g70b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-702:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-4105:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4524_f0v72b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6420_5se46a:-:*:*:*:*:*:*:*", "cpe:2.3:h:zyxel:amg1202-t10b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_f2e72a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5541_k7g89a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4655_k9v79a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4652_f1j02a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6420_6wd16a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_g0v47a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4657_v6d29b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-4100:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3456_a9t84c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4655_k9v79a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7164_k7g99a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4656_k9v81b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5542_k7c88a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_g0v51a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4523_j6u60b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn517c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4509_d3p94a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4524_f0v72b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4504_a9t88b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4520_e6g67b:-:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-100:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4513_k9h51a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5531:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6020_5se17a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*", "cpe:2.3:h:canon:selphy_cp1200:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4652_k9v84b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5640_b9s58a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq809b:-:*:*:*:*:*:*:*", "cpe:2.3:a:ui:unifi_controller:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4528_k9t08b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3548_a9t81b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:5030_m2u92b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4512_k9h49a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_7640:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4656_k9v81b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4654_f1j06b:-:*:*:*:*:*:*:*", "cpe:2.3:h:asus:rt-n11:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4650_e6g87a:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:xbox_one:10.0.19041.2494:*:*:*:*:*:*:*", "cpe:2.3:h:hp:5034_z4a74a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4525_k9t09b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4655_f1j00a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5535:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4512_k9h49a:-:*:*:*:*:*:*:*", "cpe:2.3:h:dell:b1165nfw:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-440:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4522_f0v67a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5548_k7g87a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4657_v6d29b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_114_cq811a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6540_b9s59a:-:*:*:*:*:*:*:*", "cpe:2.3:h:broadcom:adsl:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4524_k9t01a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4522_f0v67a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_114_cq812a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6020_6wd35a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-340:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:*", "cpe:2.3:h:d-link:dvg-n5412sp:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4654_f1j06b:-:*:*:*:*:*:*:*", "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6230_k7g25b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_7645_e4w44a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4516_k9h52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4503_e6g71b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_k7c85a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4654_f1j07b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn519a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5646_f8b05a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4509_d3p94b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5543_n9u88a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-2101:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:ew-m970a3t:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5534:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t83b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4515:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4520_f0v63a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6420_5se45b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4655_k9v82b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_g0v53a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4500_a9t80b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4527_j6u61b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4511_k9h50a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4528_k9t08b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4505_a9t86a:-:*:*:*:*:*:*:*", "cpe:2.3:h:netgear:wnhde111:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4520_e6g67b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4513_k9h51a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4652_f1j02a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7120_z3m41d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_111_cq810a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn517b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4650_f1h96b:-:*:*:*:*:*:*:*", "cpe:2.3:h:tp-link:archer_c50:-:*:*:*:*:*:*:*", "cpe:2.3:h:ruckussecurity:zonedirector_1200:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4500_a9t89a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6232_k7g26b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-8500:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:ep-101:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4652_k9v84b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4658_v6d30b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_114_cq811b:-:*:*:*:*:*:*:*", "cpe:2.3:h:huawei:hg255s:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4658_v6d30b:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4650_f1h96a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5544_k7c93a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5644_b9s65a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6055_5se16a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4500_a9t80a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6455_5se45a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5539:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-970:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:5660_f8b04a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4520_f0v69a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4524_k9t01a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn518a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4520_f0v63b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4652_f1j05b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn517a:-:*:*:*:*:*:*:*", "cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*", "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7155_z3m52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6220_k7g20d:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-330:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7830_y0g50b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6452_5se47a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5640_b9s56a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq809a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-960:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4502_a9t87b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4527_j6u61b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4654_f1j07b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4520_e6g67a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4524_f0v71b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4521_k9t10b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4500_d3p93a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_120_cz022a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_6020_7cz37a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4511_k9h50a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4526_k9t05b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4652_f1j05b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:5020_z4a69a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4504_c8d04a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6252_k7g22a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7822_y0g42d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq812c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4523_j6u60b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4655_k9v82b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4520_e6g67a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5665_f8b06a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7822_y0g43d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4518:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4516_k9h52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-2105:-:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_120_cz022b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4650_e6g87a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4524_f0v71b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_pro_6420_6wd14a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_100_cn519b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4520_f0v69a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-241:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5664_f8b08a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_m2u91a:*:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_120_cz022c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq809d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4501_c8d05a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4520_f0v63a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4526_k9t05b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-620:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6234_k7s21b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq809c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4650_f1h96b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5530:-:*:*:*:*:*:*:*"]}], "githubexploit": [{"lastseen": "2022-03-13T14:19:45", "description": "# exploit-CVE-2020-28926\n## Reference\nht...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-03T21:06:56", "type": "githubexploit", "title": "Exploit for Classic Buffer Overflow in Readymedia Project Readymedia", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2022-03-13T11:21:19", "id": "C18EF8FF-84A8-5937-AEA3-C2D3D08F9F65", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:46:09", "description": "# Zeek Plugin that detects CallStranger (CVE-2020-12695) attempt...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-10T14:18:34", "type": "githubexploit", "title": "Exploit for Incorrect Default Permissions in Ui Unifi Controller", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-02-22T00:45:31", "id": "4C38E174-1CE3-5FBF-A67F-3C932DD0F7EA", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-22T15:12:51", "description": "## CallStranger\n\n\nThis script created by Yunus \u00c7ad\u0131rc\u0131 (https://...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T07:37:49", "type": "githubexploit", "title": "Exploit for Incorrect Default Permissions in Ui Unifi Controller", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-22T14:49:04", "id": "BE8163ED-A55D-547F-A284-5B1D252ABFC9", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "privateArea": 1}], "ubuntucve": [{"lastseen": "2022-08-04T13:24:23", "description": "ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code\nexecution. Sending a malicious UPnP HTTP request to the miniDLNA service\nusing HTTP chunked encoding can lead to a signedness bug resulting in a\nbuffer overflow in calls to memcpy/memmove.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-30T00:00:00", "type": "ubuntucve", "title": "CVE-2020-28926", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2020-11-30T00:00:00", "id": "UB:CVE-2020-28926", "href": "https://ubuntu.com/security/CVE-2020-28926", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:28:37", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does\nnot forbid the acceptance of a subscription request with a delivery URL on\na different network segment than the fully qualified event-subscription\nURL, aka the CallStranger issue.\n\n#### Bugs\n\n * <https://github.com/pupnp/pupnp/pull/181>\n * <https://github.com/pupnp/pupnp/pull/185>\n * <https://github.com/pupnp/pupnp/pull/188>\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "ubuntucve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-08T00:00:00", "id": "UB:CVE-2020-12695", "href": "https://ubuntu.com/security/CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "debiancve": [{"lastseen": "2022-07-09T17:34:16", "description": "ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-30T18:15:00", "type": "debiancve", "title": "CVE-2020-28926", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2020-11-30T18:15:00", "id": "DEBIANCVE:CVE-2020-28926", "href": "https://security-tracker.debian.org/tracker/CVE-2020-28926", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-09T17:32:21", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T17:15:00", "type": "debiancve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-08T17:15:00", "id": "DEBIANCVE:CVE-2020-12695", "href": "https://security-tracker.debian.org/tracker/CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:57", "description": "Arch Linux Security Advisory ASA-202012-15\n==========================================\n\nSeverity: High\nDate : 2020-12-09\nCVE-ID : CVE-2020-28926\nPackage : minidlna\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1321\n\nSummary\n=======\n\nThe package minidlna before version 1.3.0-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 1.3.0-1.\n\n# pacman -Syu \"minidlna>=1.3.0-1\"\n\nThe problem has been fixed upstream in version 1.3.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code\nexecution. Sending a malicious UPnP HTTP request to the miniDLNA\nservice using HTTP chunked encoding can lead to a signedness bug\nresulting in a buffer overflow in calls to memcpy/memmove.\n\nImpact\n======\n\nAn attacker on the local network can execute arbitrary code via a\nmalicious UPnP HTTP request.\n\nReferences\n==========\n\nhttps://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/\nhttps://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a\nhttps://security.archlinux.org/CVE-2020-28926", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "archlinux", "title": "[ASA-202012-15] minidlna: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2020-12-09T00:00:00", "id": "ASA-202012-15", "href": "https://security.archlinux.org/ASA-202012-15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:57", "description": "Arch Linux Security Advisory ASA-202012-16\n==========================================\n\nSeverity: Medium\nDate : 2020-12-09\nCVE-ID : CVE-2020-12695\nPackage : hostapd\nType : proxy injection\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1322\n\nSummary\n=======\n\nThe package hostapd before version 2.9-4 is vulnerable to proxy\ninjection.\n\nResolution\n==========\n\nUpgrade to 2.9-4.\n\n# pacman -Syu \"hostapd>=2.9-4\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17\ndoes not forbid the acceptance of a subscription request with a\ndelivery URL on a different network segment than the fully qualified\nevent-subscription URL, aka the CallStranger issue. This issue could\nallow a device connected to the local network (i.e., a device that has\nbeen authorized to transmit packets in the network in which the AP is\nlocated) to trigger the AP to initiate a HTTP (TCP/IP) connection to an\narbitrary URL, including connections to servers in external networks.\n\nImpact\n======\n\nAn attacker on the local network might be able to force the AP to\ninitiate a HTTP (TCP/IP) connection to an arbitrary URL, including\nconnections to servers in external networks.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/68861\nhttps://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt\nhttp://www.callstranger.com/\nhttps://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch\nhttps://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch\nhttps://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch\nhttps://security.archlinux.org/CVE-2020-12695", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-12-09T00:00:00", "type": "archlinux", "title": "[ASA-202012-16] hostapd: proxy injection", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-12-09T00:00:00", "id": "ASA-202012-16", "href": "https://security.archlinux.org/ASA-202012-16", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "veracode": [{"lastseen": "2022-07-26T13:33:22", "description": "MiniDLNA is vulnerable to remote code execution. An attacker is able to send a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:44:29", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28926"], "modified": "2020-12-11T02:44:52", "id": "VERACODE:28507", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28507/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T13:30:52", "description": "hostapd is vulnerable to authorization bypass. The vulnerability exists as the Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-08-06T21:39:39", "type": "veracode", "title": "Authorization Bypass", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-04-23T05:23:07", "id": "VERACODE:26264", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26264/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:38:07", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.\n\nGSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. \n\nThe following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-05-18T06:05:22", "type": "redhat", "title": "(RHSA-2021:1789) Moderate: gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-18T11:34:14", "id": "RHSA-2021:1789", "href": "https://access.redhat.com/errata/RHSA-2021:1789", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:05", "description": "gssdp\n[1.0.5-1]\n+ gssdp-1.0.5-1\n- Update to 1.0.5\n- Fix SUBSCRIBE misbehaviour\n- Resolves: #1861928\ngupnp\n[1.0.6-1]\n+ gupnp-1.0.6-1\n- Update to 1.0.6\n- Fix SUBSCRIBE misbehaviour\n- Resolves: #1846589", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-05-25T00:00:00", "type": "oraclelinux", "title": "gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-25T00:00:00", "id": "ELSA-2021-1789", "href": "http://linux.oracle.com/errata/ELSA-2021-1789.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground a nd acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-03T01:19:38", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: hostapd-2.9-4.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-03T01:19:38", "id": "FEDORA:84CF8310A07C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-04T01:13:43", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: gupnp-1.0.5-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-04T01:13:43", "id": "FEDORA:220BE30995DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-04T01:13:42", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: gssdp-1.0.4-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-04T01:13:42", "id": "FEDORA:A8437308DCC4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O46D6A37VVYHB45232FFNDUHCX77TZBV/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-09T01:06:59", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: gssdp-1.0.4-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T01:06:59", "id": "FEDORA:9F8A130DA8F9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-09T01:07:00", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: gupnp-1.0.5-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T01:07:00", "id": "FEDORA:0B46530DA8F6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5XDOXB2LQTCWNCPR26CNOAQZJGDCU2LY/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "redhatcve": [{"lastseen": "2022-07-07T17:39:29", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n#### Mitigation\n\nTo mitigate this flaw, close off the UPnP UDP port (usually 1900) and UPnP service ports from the Internet using a firewall. It's important to note that UPnP service ports vary based on the device, so device documentation should be consulted. Do not expose UPnP servers to the Internet. Exploitation of this flaw relies on HTTP SUBSCRIBE and NOTIFY requests, which can be blocked using a network security appliance, as another mitigation option. \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-10T14:56:13", "type": "redhatcve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-07T12:35:10", "id": "RH:CVE-2020-12695", "href": "https://access.redhat.com/security/cve/cve-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "almalinux": [{"lastseen": "2022-07-25T19:09:37", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.\n\nGSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. \n\nThe following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-05-18T06:05:22", "type": "almalinux", "title": "Moderate: gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:1789", "href": "https://errata.almalinux.org/8/ALSA-2021-1789.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "cert": [{"lastseen": "2021-09-28T17:52:00", "description": "### Overview\n\nThe Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality.\n\n### Description\n\nThe UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification.\n\nMany common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia ([VU#357851](<https://www.kb.cert.org/vuls/id/357851>)) and [Rapid7](<https://blog.rapid7.com/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play/>). Garcia presented at [DEFCON 2019](<https://www.defcon.org/images/defcon-19/dc-19-presentations/Garcia/DEFCON-19-Garcia-UPnP-Mapping.pdf>) and published a scanning and portmapping tool. The UPnP [Device Protection](<https://upnp.org/specs/gw/UPnP-gw-DeviceProtection-v1-Service.pdf>) service was not widely adopted.\n\nA vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has [updated the UPnP specification](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as [Call Stranger](<https://callstranger.com>).\n\nAlthough offering UPnP services on the Internet is generally considered to be a [misconfiguration](<https://www.kb.cert.org/vuls/id/357851/>), a number of devices are still available over the Internet according to a [recent Shodan scan](<https://www.shodan.io/search?query=upnp>).\n\n### Impact\n\nA remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note.\n\n### Solution\n\n#### Affected devices\n\nA number of devices have been identified as vulnerable by the security researcher and have been posted at the [CallStranger](<https://callstranger.com>) website. There is more information on affected devices in Tenable's blog on [cve-2020-12695](<https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of>).\n\n#### Apply updates\n\nVendors are urged to implement the updated [specification](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) provided by the OCF.. Users should monitor vendor support channels for updates that implement the new SUBSCRIBE specification.\n\n#### Disable or Restrict UPnP\n\nDisable the UPnP protocol on Internet-accessible interfaces. Device manufacturers are urged to disable the UPnP SUBSCRIBE capability in their default configuration and to require users to explicitly enable SUBSCRIBE with any appropriate network restrictions to limit its usage to a trusted local area network.\n\n#### IDS Signature\n\nThis Surricata IDS rule looks for any HTTP SUBSCRIBE request to what is likely to be an external network (i.e., not RFC1918 and RFC4193 addresses). Network administrators and ISPs can deploy this signature at the Internet access point to detect any anomalous SUBSCRIBE requests reaching their users.\n\n`alert http any any -> ![fd00::/8,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12] any (msg:\"UPnP SUBSCRIBE request seen to external network VU#339275: CVE- 2020-12695 https://kb.cert.org \"; content: \"subscribe\"; nocase; http_method; sid:1367339275;)`\n\n### Acknowledgements\n\nThis vulnerability was reported by Yunus \u00c7adirci from EY Turkey.\n\nThis document was written by Vijay Sarvepalli.\n\n### Vendor Information\n\n339275\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Open Connectivity Foundation __ Affected\n\nUpdated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>\n\n#### CERT Addendum\n\nOpen Connectivity Foundation has updated their specification and published in the bulletin, see references.\n\n### Synology __ Affected\n\nNotified: 2020-06-17 Updated: 2020-06-29\n\n**Statement Date: June 22, 2020**\n\n**CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nPlease refer to Synology-SA-20:13\n\n#### References\n\n * <https://www.synology.com/security/advisory/Synology_SA_20_13>\n\n### Zyxel __ Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nZyxel security team confirms that Zyxel\u2019s VMG8324-B10A has the default firewall rule to block UPnP traffic from WAN since its first firmware V1.00(AAKL.0)C0 released in May 2013. However, if users intentionally disable the firewall feature, it could be vulnerable.\n\n#### References\n\n * <https://www.zyxel.com/us/en/support/security_advisories.shtml>\n\n#### CERT Addendum\n\nUsers are urged to not disable firewall to reduce the impact of this vulnerability from the WAN interface. Check Zyxel advisories for regular updates.\n\n### hostapd __ Affected\n\nUpdated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://w1.fi/security/2020-1/>\n * <https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt>\n\n#### CERT Addendum\n\nHostAP has released a statement and patches, see the References section for details.\n\n### Commscope __ Not Affected\n\nUpdated: 2020-07-02 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNone of the Ruckus products are vulnerable to CVE-2020-12695\n\n#### CERT Addendum\n\nCommscope acquired Arris and Ruckus Wireless. Announcements may be duplicated in the brand named vendor sections.\n\n### Cradlepoint __ Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nIn NCOS, UPnP Gateway is disabled and the zone-based firewall is configured with an explicit deny for unsolicited inbound traffic by default\n\n#### References\n\n * <https://cradlepoint.com/vulnerability-alerts/>\n\n### LANCOM Systems GmbH __ Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nLANCOM Systems products are not vulnerable to these vulnerabilities.\n\n### Peplink Not Affected\n\nNotified: 2020-07-06 Updated: 2020-06-29\n\n**Statement Date: July 07, 2020**\n\n**CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless __ Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNone of the Ruckus products are vulnerable to CVE-2020-12695\n\n#### References\n\n * <https://support.ruckuswireless.com/security>\n\n#### CERT Addendum\n\nPlease note that Commscope acquired Ruckus Wireless in 2019. You may see future advisory under Commscope.\n\n### Sierra Wireless Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### A10 Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADATA Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ANTlabs Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&T Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actelis Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actiontec Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aerohive Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AhnLab Inc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AirWatch Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Akamai Technologies Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Allied Telesis Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Amazon Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Android Open Source Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Apple Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arista Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aruba Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aspera Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Barracuda Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belden Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlackBerry Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blue Coat Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlueCat Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blunk Microsystems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BoringSSL Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Broadcom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CA Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CMX Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CZ.NIC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cambium Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ceragon Networks Inc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Check Point Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cirpack Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Contiki OS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CoreOS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cricket Wireless Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cypress Semiconductor Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Debian GNU/Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell EMC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell SecureWorks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### DesktopBSD Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Deutsche Telekom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Devicescape Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Digi International Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### DragonFly BSD Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ENEA Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### EfficientIP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ericsson Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Espressif Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### European Registry for Internet Domains Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Express Logic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fastly Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fedora Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Force10 Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fortinet Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Foundry Brocade Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### FreeBSD Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GFI Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU adns Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU glibc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Geexbox Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Gentoo Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Google Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Grandstream Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Green Hills Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HCC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HTC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Honeywell Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### INTEROP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IP Infusion Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Illumos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### InfoExpress Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Infoblox Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Inmarsat Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### JH Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Joyent Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LG Electronics Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LITE-ON Technology Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lancope Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lantronix Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LiteSpeed Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lynx Software Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Marvell Semiconductor Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### McAfee Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MediaTek Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Medtronic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Men & Mice Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Micro Focus Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microchip Technology Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microsoft Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Miredo Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Muonics Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NEC Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETSCOUT Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NIKSUN Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NLnet Labs Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nominum Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OleumTech Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenBSD Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenSSL Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oracle Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oryx Embedded Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### PHPIDS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Paessler Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Palo Alto Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Philips Electronics Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Proxim Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Pulse Secure Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QLogic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QUALCOMM Incorporated Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quadros Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Red Hat Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Riverbed Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Rocket RTOS (Inactive) Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Roku Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SEIKO EPSON Corp. / Epson America Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SUSE Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SafeNet Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Mobile Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Secure64 Software Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Slackware Linux Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Snort Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SonicWall Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sonos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sony Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sophos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sourcefire Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Symantec Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2020-06-29 Updated: 2020-07-02 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Tenable Network Security Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Treck Unknown\n\nNotified: 2020-05-05 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Turbolinux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubuntu Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Unisys Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Untangle Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VMware Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vertical Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### WizNET Technology Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### XigmaNAS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Xilinx Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zebra Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zephyr Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dnsmasq Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eCosCentric Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### lwIP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### m0n0wall Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmp Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 194 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://callstranger.com>\n * <https://openconnectivity.org/developer/specifications/upnp-resources/upnp/>\n * <https://kb.cert.org/vuls/search/?q=upnp>\n * <https://github.com/yunuscadirci/CallStranger>\n * <https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-12695 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-12695>) \n---|--- \n**Date Public:** | 2020-06-08 \n**Date First Published:** | 2020-06-08 \n**Date Last Updated: ** | 2020-07-08 21:44 UTC \n**Document Revision: ** | 14 \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "cert", "title": "Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-08T21:44:00", "id": "VU:339275", "href": "https://www.kb.cert.org/vuls/id/339275", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "attackerkb": [{"lastseen": "2021-07-20T20:15:01", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n\n \n**Recent assessments:** \n \n**kevthehermit** at June 09, 2020 7:51am UTC reported:\n\nThis one has a name and a website. \u2013 <https://callstranger.com/>\n\nThere is also a github repository that has PoC code, this code will scan your local IP range to determine if you have vulnerable devices. Be aware this POC will send data about your network out to a 3rd party. It claims to encrypt this data, but I have not reviewed the implementation. \nIt may not have a list of internal UPNP Devices, but it will have a record of your IP, how much data was sent.\n\n<https://github.com/yunuscadirci/CallStranger>\n\n#### Root Cause\n\nA Callback header that can be controlled by the attacker in the `UPnP SUBSCRIBE` functionality can lead to SSRF-Like behaviour\n\n#### Threat\n\n### DDOS:\n\nThis seems to be the obvious one that will get picked up by most botnet operators at some point.\n\n### DLP\n\nDon\u2019t expect this to be a likely threat, there are easier ways to bypass outgoing DLP restrictions than this.\n\n### SSRF Like\n\nNeeds more review but `Scanning internal ports from Internet-facing UPnP devices` could be useful, depending on what data is returned.\n\n**busterb** at June 09, 2020 11:22pm UTC reported:\n\nThis one has a name and a website. \u2013 <https://callstranger.com/>\n\nThere is also a github repository that has PoC code, this code will scan your local IP range to determine if you have vulnerable devices. Be aware this POC will send data about your network out to a 3rd party. It claims to encrypt this data, but I have not reviewed the implementation. \nIt may not have a list of internal UPNP Devices, but it will have a record of your IP, how much data was sent.\n\n<https://github.com/yunuscadirci/CallStranger>\n\n#### Root Cause\n\nA Callback header that can be controlled by the attacker in the `UPnP SUBSCRIBE` functionality can lead to SSRF-Like behaviour\n\n#### Threat\n\n### DDOS:\n\nThis seems to be the obvious one that will get picked up by most botnet operators at some point.\n\n### DLP\n\nDon\u2019t expect this to be a likely threat, there are easier ways to bypass outgoing DLP restrictions than this.\n\n### SSRF Like\n\nNeeds more review but `Scanning internal ports from Internet-facing UPnP devices` could be useful, depending on what data is returned.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2Assessed Attacker Value: 3\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2020-12695 \"CallStranger\"", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-20T00:00:00", "id": "AKB:DB7D4D6F-62DF-4B24-B7A1-C8B584415E20", "href": "https://attackerkb.com/topics/nRYDYOMY2t/cve-2020-12695-callstranger", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "cisa": [{"lastseen": "2021-02-24T18:07:17", "description": "The CERT Coordination Center (CERT/CC) has released information on a vulnerability\u2014CVE-2020-12695\u2014affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages vendors and internet service providers (ISPs) to review CERT/CC\u2019s Vulnerability Note [VU#339275](< https://www.kb.cert.org/vuls/id/339275>) and implement the [updated specifications](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) provided by the Open Connectivity Framework.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/06/09/certcc-reports-vulnerability-universal-plug-and-play-protocol>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-09T00:00:00", "type": "cisa", "title": "CERT/CC Reports Vulnerability in Universal Plug and Play Protocol", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-09T00:00:00", "id": "CISA:74EFEC5277573BE85C62E67E38E79292", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/06/09/certcc-reports-vulnerability-universal-plug-and-play-protocol", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "openvas": [{"lastseen": "2020-07-21T19:45:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-04T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for gssdp (FEDORA-2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310878036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878036", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878036\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-04 03:20:59 +0000 (Sat, 04 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for gssdp (FEDORA-2020-1f7fc0d0c9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O46D6A37VVYHB45232FFNDUHCX77TZBV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gssdp'\n package(s) announced via the FEDORA-2020-1f7fc0d0c9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. GUPnP is an object-oriented open source framework for creating\nUPnP devices and control points, written in C using GObject and libsoup. The\nGUPnP API is intended to be easy to use, efficient and flexible.\");\n\n script_tag(name:\"affected\", value:\"'gssdp' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gssdp\", rpm:\"gssdp~1.0.4~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-07-21T19:46:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-04T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for gupnp (FEDORA-2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310878034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878034", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878034\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-04 03:20:57 +0000 (Sat, 04 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for gupnp (FEDORA-2020-1f7fc0d0c9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gupnp'\n package(s) announced via the FEDORA-2020-1f7fc0d0c9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GUPnP is an object-oriented open source framework for creating UPnP\ndevices and control points, written in C using GObject and libsoup.\nThe GUPnP API is intended to be easy to use, efficient and flexible.\");\n\n script_tag(name:\"affected\", value:\"'gupnp' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gupnp\", rpm:\"gupnp~1.0.5~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-07-21T19:46:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for hostapd (FEDORA-2020-df3e1cfde9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-10T00:00:00", "id": "OPENVAS:1361412562310878022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878022", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878022\");\n script_version(\"2020-07-10T06:57:28+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-10 06:57:28 +0000 (Fri, 10 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:20:28 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for hostapd (FEDORA-2020-df3e1cfde9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-df3e1cfde9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the FEDORA-2020-df3e1cfde9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd is a user space daemon for access point and authentication servers. It\nimplements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP\nAuthenticators and RADIUS authentication server.\n\nhostapd is designed to be a 'daemon' program that runs in the back-ground and\nacts as the backend component controlling authentication. hostapd supports\nseparate frontend programs and an example text-based frontend, hostapd_cli, is\nincluded with hostapd.\");\n\n script_tag(name:\"affected\", value:\"'hostapd' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.9~4.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "huawei": [{"lastseen": "2021-12-30T12:25:48", "description": "There is an vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and is not enabled on the WAN side. (Vulnerability ID: HWPSIRT-2020-04132)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-12695.\n\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\n\n[http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en>)\n\n[](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-01T00:00:00", "type": "huawei", "title": "Security Advisory - CallStranger Vulnerability in UPnP Protocol", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-09-02T00:00:00", "id": "HUAWEI-SA-20200701-01-UPNP", "href": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-01-upnp-en", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:05", "description": "[![](https://thehackernews.com/new-images/img/a/AVvXsEi-Qd2MHVYDYJl5PIX2z3AtQcRnB6K0yMlcfEtUhVfX2p2Hpei_t0aGtKQViZnwmTzTcQXoPeKxh0ApghmA0jmSSZ_kzp8I2-7VDYSXy2k1jyUQq4LEs33er_tLITnsL3p7sM7ViH8e2YmjHzaOKAsRH_bY6zTC48phw_69DL8C7QmD33oG6Z_xIDFp)](<https://thehackernews.com/new-images/img/a/AVvXsEi-Qd2MHVYDYJl5PIX2z3AtQcRnB6K0yMlcfEtUhVfX2p2Hpei_t0aGtKQViZnwmTzTcQXoPeKxh0ApghmA0jmSSZ_kzp8I2-7VDYSXy2k1jyUQq4LEs33er_tLITnsL3p7sM7ViH8e2YmjHzaOKAsRH_bY6zTC48phw_69DL8C7QmD33oG6Z_xIDFp>)\n\nNetworking equipment company Netgear has [released](<https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168>) yet [another round](<https://thehackernews.com/2021/09/high-severity-rce-flaw-disclosed-in.html>) of [patches](<https://thehackernews.com/2021/06/microsoft-discloses-critical-bugs.html>) to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.\n\nTracked as [CVE-2021-34991](<https://nvd.nist.gov/vuln/detail/CVE-2021-34991>) (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ([UPnP](<https://en.wikipedia.org/wiki/Universal_Plug_and_Play>)) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet.\n\nBecause of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices.\n\nSpecifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests \u2014 which are event notification alerts that devices use to receive notifications from other devices when certain configuration changes, such as media sharing, happen.\n\nBut according to GRIMM security researcher Adam Nichols, there exists a memory stack overflow bug in the code that handles the UNSUBSCRIBE requests, which enables an adversary to send a specially crafted HTTP request and run malicious code on the affected device, including resetting the administrator password and delivering arbitrary payloads. Once the password has been reset, the attacker can then login to the webserver and modify any settings or launch further attacks on the webserver.\n\n[![](https://thehackernews.com/new-images/img/a/AVvXsEjaUtsGVFW9gAGtcxtyAzlHjkQ9DJCX6IlIOpBy6Gei-fDhpk45h_K0TuIQD76tE2V5clr8NlxnLQn_50WmqSlmAvA2Pa7IhnFnrJyddBV6Tw6VA_N_IteI_BS24VqW4E_MYLhUMa67Zfg0XG30QDVKCt-RAIW_idSZUNokQjD0tETc6pZvbXJH9I2M)](<https://thehackernews.com/new-images/img/a/AVvXsEjaUtsGVFW9gAGtcxtyAzlHjkQ9DJCX6IlIOpBy6Gei-fDhpk45h_K0TuIQD76tE2V5clr8NlxnLQn_50WmqSlmAvA2Pa7IhnFnrJyddBV6Tw6VA_N_IteI_BS24VqW4E_MYLhUMa67Zfg0XG30QDVKCt-RAIW_idSZUNokQjD0tETc6pZvbXJH9I2M>)\n\n\"Since the UPnP daemon runs as root, the highest privileged user in Linux environments, the code executed on behalf of the attacker will be run as root as well,\" Nichols [said](<https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html>). \"With root access on a device, an attacker can read and modify all traffic that is passed through the device.\"\n\nThis is far from the first time vulnerable implementations of UPnP have been uncovered in networked devices.\n\nIn June 2020, security researcher Yunus \u00c7adirci discovered what's called a [CallStranger](<https://www.kb.cert.org/vuls/id/339275>) vulnerability ([CVE-2020-12695](<https://nvd.nist.gov/vuln/detail/CVE-2020-12695>), CVSS score: 7.5) wherein a remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, resulting in amplified DDoS attacks and data exfiltration. What's more, no fewer than 45,000 routers with vulnerable UPnP services were previously leveraged in a [2018 campaign](<https://arstechnica.com/information-technology/2018/11/mass-router-hack-exposes-millions-of-devices-to-potent-nsa-exploit/>) to deploy [EternalBlue and EternalRed](<https://web.archive.org/web/20210814022007/https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html>) exploits on compromised systems. \n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-18T12:59:00", "type": "thn", "title": "Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-34991"], "modified": "2021-11-18T12:59:17", "id": "THN:9359327FB0FF84D47C4321156FD64C6B", "href": "https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2021-08-21T10:09:07", "description": "In a [security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5>), Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.\n\nNormally we'd say "patch now", but you can't, and you'll never be able to because a patch isn't coming.\n\n### CVE-2021-34730\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This vulnerability is listed under [CVE-2021-34730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34730>). As a result of improper validation of incoming UPnP traffic an attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. \n\nA successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system, or cause the device to reload, resulting in a DoS condition. "Executing arbitrary code as the root user" is tantamount to "do whatever they like", which is bad. A CVSS score of 9.8 out of 10 bad. (CVSS can help security teams and developers prioritize threats and allocate resources effectively.)\n\n### UPnP\n\nUniversal Plug and Play (UPnP) is a set of networking protocols that permit networked devices, like routers, to seamlessly discover each other's presence on a network and establish functional network services.\n\nFrom that description alone it should be clear that, from a security point of view, this protocol has no place on an Internet-facing device. Once you have set up your connections to the internal devices there is no reason to leave UPnP enabled. There are plenty of reasons to disable it.\n\nA lot of the problems associated with UPnP-based threats can be linked back to security issues during implementation. Router manufacturers [historically](<https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp>) have not been very good at securing their UPnP implementations, which often leads to the router not checking input properly. Which is exactly what happened here. Again.\n\nAnd then there are vulnerabilities in UPnP itself. The most famous one probably is [CallStranger](<https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/>), which was caused by the Callback header value in UPnP\u2019s SUBSCRIBE function that can be controlled by an attacker and enables a vulnerability which affected millions of Internet-facing devices.\n\nThat particular vulnerability should have been patched by most vendors by now by the way. But CVE-2021-34730 won't be, here's why\u2026\n\n### No patch\n\nThe affected routers have entered the [end-of-life process](<https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf>) and so Cisco has not released software updates to fix the problem. According to the security advisory, it seems they have no plans to do so either:\n\n\u201cCisco has not released and will not release software updates to address the vulnerability described in this advisory.\u201d Cisco also says it is not aware of any malicious use of the vulnerability.\n\nSince there are no workarounds that address this vulnerability, the only choice that administrators have is to disable the affected feature (UPnP). Or buy a new router. Since the routers won't receive any updates for issues in future either, we suggest you do both: Disable UPnP now, and buy a new router soon.\n\n### Mitigation\n\nFor owners of the affected routers it is particularly important to check that UPnP is disabled both on the WAN and the LAN interface. The WAN interface is set to off by default but that doesn't mean it hasn't been changed since. The LAN interface is set to on by default and needs to be turned off. Cisco advises that to disable UPnP on the LAN interface of a device, you do the following:\n\n * Open the web-based management interface and choose Basic Settings > UPnP.\n * Check the Disable check box.\n\nIt is important to disable UPnP on both interfaces because that is the only way to eliminate the vulnerability.\n\nStay safe, everyone!\n\nThe post [Cisco Small Business routers vulnerable to remote attacks, won't get a patch](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-08-19T20:29:09", "type": "malwarebytes", "title": "Cisco Small Business routers vulnerable to remote attacks, won\u2019t get a patch", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-34730"], "modified": "2021-08-19T20:29:09", "id": "MALWAREBYTES:1F038DB7EFBB36EF80C56CAFA6D41B90", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2021-12-29T04:50:19", "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wpa_supplicant-2.9-i586-1_slack14.2.txz: Upgraded.\n This update fixes the following security issues:\n AP mode PMF disconnection protection bypass.\n UPnP SUBSCRIBE misbehavior in hostapd WPS AP.\n P2P group information processing vulnerability.\n P2P provision discovery processing vulnerability.\n ASN.1: Validate DigestAlgorithmIdentifier parameters.\n Flush pending control interface message for an interface to be removed.\n These issues could result in a denial-of-service, privilege escalation,\n arbitrary code execution, or other unexpected behavior.\n Thanks to nobodino for pointing out the patches.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.9-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.9-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.9-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.9-i586-8.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.9-x86_64-8.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nc7f924f06b8d72768571d8304f5c37e7 wpa_supplicant-2.9-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n993052fe0c17c01c57a68f1e7ead6254 wpa_supplicant-2.9-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nfa383478bd07b1e7ae7d86b253b21375 wpa_supplicant-2.9-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n200d9c2a29cb6fa65ac997ce2e585dbd wpa_supplicant-2.9-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ndcdc508c0b81f2101786ce35fc083c7b wpa_supplicant-2.9-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n50e4302b46ba90b9b6801c68b5f9a155 wpa_supplicant-2.9-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nca90b2f1ab0b20a3001a02269528dd78 n/wpa_supplicant-2.9-i586-8.txz\n\nSlackware x86_64 -current package:\n34e0822856e122fbbfbd9c5bbffd6762 n/wpa_supplicant-2.9-x86_64-8.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wpa_supplicant-2.9-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-12-29T03:28:00", "type": "slackware", "title": "[slackware-security] wpa_supplicant", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-0326", "CVE-2021-0535", "CVE-2021-27803", "CVE-2021-30004"], "modified": "2021-12-29T03:28:00", "id": "SSA-2021-362-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}]}

openSUSE Security Update : minidlna (openSUSE-2020-2160)

Description

Related