search menu icon-carat-right cmu-wordmark

CERT Coordination Center

UPnP enabled by default in multiple devices

Vulnerability Note VU#347812

Original Release Date: 2008-01-15 | Last Revised: 2008-07-22

Overview

Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices.

Description

Universal Plug and Play (UPnP) is a collection of protocols maintained and distributed by the UPnP Forum. UPnP is designed to allow network devices to easily connect to each other. UPnP enabled applications may be able to control other UPnP enabled devices such as firewalls or routers automatically and without authentication. Some applications may rely on UPnP to automatically open ports on routers or automatically set other parameters on compatible devices.

Multiple vendors ship devices with UPnP enabled by default. These devices may be configured to only listen for UPnP requests on local networks or wireless interfaces. By using browser plugins that execute in the context of the local system, an attacker may be able to send UPnP messages to local devices without authentication. One researcher has demonstrated an attack vector that uses the Adobe Flash plugin.

Note that to successfully exploit this vulnerability an attacker would need to be able to guess the IP address of an affected device. This IP address may also be enumerated through browser headers or other methods.

Impact

By convincing a victim to click on a link in an HTML document (web page, HTML email), an attacker could issue any command or change any configuration that can be set via UPnP on an affected device. If the affected device is providing routing or firewalling services to clients, an attacker may be able to change firewall and port forwarding rules, modify DNS settings, change wireless encryption keys, or set arbitrary administration passwords.

Solution

We are currently unaware of a practical solution to this problem. Developers using UPnP should see the UPnP forum's vendor statement for more information.

Adobe has issued an update that prevents Flash from being used as an attack vector to exploit this vulnerability.

From the Understanding Flash Player 9 April 2008 Security Update compatibility document:
The April 2008 Flash Player update adds a new security feature to perform a cross-domain policy file check before allowing SWFs to send headers to another domain. This change helps improve web site security by helping to defend against malicious HTTP headers sent by content from other domains. The feature will also help to mitigate a potential UPnP issue (VU#347812) in which routers fail to correctly handle unexpected header values.

Workarounds for administrators

    • UPnP should be disabled on devices that are being use to enforce security policies or are connected to untrusted networks, such as the Internet. 
    • Filtering the IGMP protocol between LAN segments may prevent UPnP devices from connecting to networks that they are not authorized to access.
Workarounds for users
    • Disabling UPnP on network devices will mitigate this vulnerability. Note that disabling UPnP will cause any devices or applications that rely on UPnP to fail or operate with reduced functionality.
    • Disabling UPnP in desktop operating systems may prevent an attacker from exploiting this vulnerability. Microsoft Windows XP users should see the workarounds section of Microsoft Security Bulletin MS07-019 for instructions on how to disable UPnP.
    • Using the Mozilla Firefox NoScript extension to whitelist web sites that can run scripts and access installed plugins may prevent this vulnerability from being exploited.
    • Using host-based firewalls to filter ports 1900/udp and 2869/tcp both inbound and outbound may prevent this vulnerability from being exploited by blocking the ports that UPnP uses. Note that the Windows Vista firewall blocks UPnP by default. This workaround may not be able to prevent exploitation of this vulnerability.

Vendor Information

347812
 

NEC Corporation Affected

Notified:  January 15, 2008 Updated: June 30, 2008

Status

Affected

Vendor Statement

Some of NEC products are affected by this vulnerability. For more details see http://www.nec.co.jp/security-info/secinfo/nv08-006.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intoto Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

Intoto iGateway Firewall ships with UPnP feature, however it is disabled by default. Network administrator has to specifically enable this feature from management interface in order to make it operational. iGateway Firewall also has capability to set filters for source of UPnP messages, allowing only trusted machine's messages to be received and processed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

McAfee Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Snort Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sourcefire Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

TippingPoint, Technologies, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 16, 2008

Status

Not Affected

Vendor Statement

TippingPoint devices do not ship with UPnP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Adobe Unknown

Notified:  April 09, 2008 Updated: April 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Bro Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CentOS Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cisco Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates eTrust Security Management Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Enterasys Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Netgear, Inc. Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  January 15, 2008 Updated: January 16, 2008

Status

Unknown

Vendor Statement

Openwall GNU/*/Linux is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

RadWare, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SmoothWall Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

UPnP Unknown

Notified:  February 25, 2008 Updated: July 22, 2008

Status

Unknown

Vendor Statement

The security advisory described in CERT advisory http://www.kb.cert.org/vuls/id/347812 appears to stem from the ability of the Flash ActionScript platform to modify the content type header of HTTP requests made from that platform to other IP addresses. The demonstrated exploit to UPNP seems to be just one of many interactions that the ActionScript platform could cause based on note security problem when accessing services both in and outside the home. The UPnP Forum recommends that Adobe Flash users update to at least the Flash Player 9 April 2008 Security Update to protect their network systems from this and other potential attacks.

The UPnP forum recommends that manufacturers support a security solution in their products for critical service methods. The UPnP forum standardized an access control solution in November 2003 that was designed to be used for this purpose, but to date has not be adopted by manufacturers. A complementary short-term solution is for manufacturers to use a non-fixed URL for their service URLBase values, so that they may not be predicted by such attacks.

The UPnP forum is committed to providing value for consumers and the industry. As a result, we continue to actively work with the industry on security solutions that can be adopted in home environments. Per normal security practice, the UPnP forum recommends also that users change the default passwords on my product to protect against other non-UPnP attacks and that users follow the appropriate security precautions for their computer platforms.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

m0n0wall Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 96 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Information about this vulnerability was released by PDP on the GNUCITIZEN website.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 18.43
Date Public: 2008-01-15
Date First Published: 2008-01-15
Date Last Updated: 2008-07-22 14:45 UTC
Document Revision: 60

Sponsored by CISA.