CVE-2020-12695 - CERT CVE
ID CVE-2020-12695
Sažetak The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Reference
CVSS
Base: 7.8
Impact: 7.8
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE COMPLETE
CVSS vektor AV:N/AC:M/Au:N/C:P/I:N/A:C
Zadnje važnije ažuriranje 08-04-2024 - 22:50
Objavljeno 08-06-2020 - 17:15