UPnP File Share Detection

medium Nessus Plugin ID 94046

Synopsis

The remote device is running a file server.

Description

According to its UPnP data, the remote device hosts a 'Content Directory'. Therefore, an adjacent user can read shared files on the host. This is often associated with a media server.

Solution

Ensure the file share is legitimate and in accordance with your security policy.

See Also

http://upnp.org/specs/av/UPnP-av-ContentDirectory-v1-Service.pdf

Plugin Details

Severity: Medium

ID: 94046

File Name: upnp_browse_content_directory.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 10/13/2016

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: upnp/www