Vulnerability CVE-2020-12695

Vulnerability Name:

CVE-2020-12695 (CCN-183061)

Assigned:

2020-06-08

Published:

2020-06-08

Updated:

2023-04-26

Summary:

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): High

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): Low

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Complete

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-12695

Source: cve@mitre.org
Type: Third Party Advisory, VDB Entry
cve@mitre.org

Source: CCN
Type: US-CERT VU#339275
Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: XF
Type: UNKNOWN
upnp-cve202012695-info-disc(183061)

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: Open Connectivity Foundation Web site
UPnP specification

Source: CCN
Type: Packet Storm Security [06-11-2020]
CallStranger UPnP Vulnerability Checker

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory, US Government Resource
cve@mitre.org

Source: CCN
Type: oss-sec Mailing List, Mon, 8 Jun 2020 18:18:01 +0300
hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration CCN 1:

cpe:/a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7933	P	libgupnp-1_2-1-1.4.3-150400.1.6 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3313	P	ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3595	P	libgcab-1_0-0-0.6-1.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94943	P	libgupnp-1_2-1-1.4.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95225	P	typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112404	P	hostapd-2.9-6.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112643	P	libgupnp-1_2-0-1.2.7-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112984	P	minidlna-1.3.0-2.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105913	P	hostapd-2.9-6.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106124	P	libgupnp-1_2-0-1.2.7-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106431	P	minidlna-1.3.0-2.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:93563	P	(Moderate)	2021-05-26
oval:com.redhat.rhsa:def:20211789	P	RHSA-2021:1789: gssdp and gupnp security update (Moderate)	2021-05-18
oval:org.opensuse.security:def:100276	P	(Moderate)	2021-05-05
oval:org.opensuse.security:def:11196	P	Security update for hostapd (Important)	2021-04-12
oval:org.opensuse.security:def:109811	P	Security update for hostapd (Important)	2021-04-12
oval:org.opensuse.security:def:103154	P	Security update for hostapd (Important)	2021-04-12
oval:org.opensuse.security:def:96464	P	Security update for hostapd (Important)	2021-04-12
oval:org.opensuse.security:def:111305	P	Security update for hostapd (Important)	2021-04-09
oval:org.opensuse.security:def:11027	P	Security update for minidlna (Moderate)	2020-12-10
oval:org.opensuse.security:def:103087	P	Security update for minidlna (Moderate)	2020-12-08
oval:org.opensuse.security:def:11022	P	Security update for minidlna (Moderate)	2020-12-08
oval:org.opensuse.security:def:96397	P	Security update for minidlna (Moderate)	2020-12-08
oval:org.opensuse.security:def:109744	P	Security update for minidlna (Moderate)	2020-12-08
oval:org.opensuse.security:def:110363	P	Security update for minidlna (Moderate)	2020-12-07
oval:org.opensuse.security:def:110900	P	Security update for minidlna (Moderate)	2020-12-04

BACK