Vulnerability CVE-2021-33516

Vulnerability Name:

CVE-2021-33516 (CCN-202363)

Assigned:

2021-04-06

Published:

2021-04-06

Updated:

2021-05-28

Summary:

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

8.3 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
7.2 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): Low

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other
CWE-200

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-33516

Source: MISC
Type: Patch, Vendor Advisory
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536

Source: XF
Type: UNKNOWN
gnome-gupnp-cve202133516-sec-bypass(202363)

Source: CCN
Type: GUPnP GIT Repository
Server does not check value of Host header

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://gitlab.gnome.org/GNOME/gupnp/-/issues/24

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:gupnp:*:*:*:*:*:*:*:* (Version < 1.0.7)

OR cpe:/a:gnome:gupnp:*:*:*:*:*:*:*:* (Version >= 1.1.0 and < 1.2.5)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7429	P	Mesa-22.3.5-150500.75.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7933	P	libgupnp-1_2-1-1.4.3-150400.1.6 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7474	P	cups-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95295	P	Security update for harfbuzz (Important)	2022-08-04
oval:org.opensuse.security:def:3595	P	libgcab-1_0-0-0.6-1.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3313	P	ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94943	P	libgupnp-1_2-1-1.4.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95225	P	typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94782	P	perl-XML-Twig-3.52-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6072	P	Security update for webkit2gtk3 (Important)	2022-06-15
oval:org.opensuse.security:def:6067	P	Security update for mozilla-nss (Important)	2022-06-09
oval:org.opensuse.security:def:95302	P	Security update for MozillaFirefox (Important)	2022-05-19
oval:org.opensuse.security:def:102015	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) (Important)	2022-03-01
oval:org.opensuse.security:def:102008	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Critical)	2022-02-17
oval:org.opensuse.security:def:112643	P	libgupnp-1_2-0-1.2.7-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106124	P	libgupnp-1_2-0-1.2.7-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101495	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:111602	P	Security update for gupnp (Important)	2021-07-11
oval:org.opensuse.security:def:111459	P	Security update for gupnp (Important)	2021-06-25
oval:org.opensuse.security:def:102318	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:96308	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:68563	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:65226	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:74294	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:5754	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:102567	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:109233	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:117675	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:1473	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:4137	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:108161	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:70786	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:65289	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:74357	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:102980	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:109646	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:67161	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:76229	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:118318	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:10646	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:1766	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:4200	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:70821	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:101704	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:95854	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:68518	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:119786	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:10681	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:108681	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:97136	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:66843	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:75911	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:35256	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:67156	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:76224	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:108674	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:97086	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:66836	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:75904	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:26079	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:61079	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:5747	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:5066	P	Security update for gupnp (Important)	2021-06-18
oval:com.redhat.rhsa:def:20212417	P	RHSA-2021:2417: gupnp security update (Important)	2021-06-14
oval:com.redhat.rhsa:def:20212363	P	RHSA-2021:2363: gupnp security update (Important)	2021-06-09

BACK