Detections
Analytics

MiniUPnP DNS Rebind Vulnerability

medium Nessus Plugin ID 93222

Language:

Synopsis

The remote host is affected by a DNS rebind vulnerability.

Description

The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a client-side script that interacts with the systems on their network.

Solution

Upgrade to MiniUPnP version 1.9 or later. Alternatively, if the remote target is an embedded device, disable UPnP.

See Also

http://www.nessus.org/u?7516605f

Plugin Details

Severity: Medium

ID: 93222

File Name: miniupnpd_dns_rebind.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 8/30/2016

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:miniupnp_project:miniupnpd

Exploit Ease: No known exploits are available

Patch Publication Date: 12/9/2014

Vulnerability Publication Date: 12/9/2014

Reference Information

BID: 71624