SynopsisThe remote Ubuntu host is missing a security update.
DescriptionThe remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4494-1 advisory.
- The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpdate the affected gir1.2-gupnp-1.2, libgupnp-1.2-0 and / or libgupnp-1.2-dev packages.