CVE-2020-12695 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-12695 Interim 1 18 2023-09-07T00:01:43Z current 2021-05-30T14:40:13Z 2023-09-07T00:01:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-12695 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A2GHF3UJM6D2JSKELXMJY57IRWK3PJM3/ E-Mail link for openSUSE-SU-2020:2160-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TSSIKL5YFHBGYOJ3SQBDZNPPVD4OU4WF/ E-Mail link for openSUSE-SU-2020:2194-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SNZKSW2K4W6JRPVMJ5SOHHDWS6UI5LAZ/ E-Mail link for openSUSE-SU-2020:2204-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7S45AUDAZDSITTGVELYZ3FY6T7HMLOED/ E-Mail link for openSUSE-SU-2020:2226-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXT3Y5NEGCCPGZ7FTYURPUBTHNNJA6MF/ E-Mail link for openSUSE-SU-2021:0519-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7GHTARPJSUMITH7M3ESWRIZUIYW5UAM6/ E-Mail link for openSUSE-SU-2021:0545-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.1 openSUSE Leap 15.2 openSUSE Leap 15.4 openSUSE Tumbleweed hostapd-2.9-6.2 hostapd-2.9-bp152.2.3.1 hostapd-2.9-lp152.2.3.1 libgupnp-1_2-0-1.2.7-2.2 libgupnp-1_2-0-32bit-1.2.7-2.2 libgupnp-1_2-1-1.4.3-150400.1.6 libgupnp-devel-1.2.7-2.2 libgupnp-devel-1.4.3-150400.1.6 minidlna-1.3.0-2.7 minidlna-1.3.0-bp151.2.3.1 minidlna-1.3.0-bp152.4.3.1 minidlna-1.3.0-lp151.3.3.1 minidlna-1.3.0-lp152.4.3.1 typelib-1_0-GUPnP-1_0-1.2.7-2.2 typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 libgupnp-1_2-1-1.4.3-150400.1.6 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP4 libgupnp-1_2-1-1.4.3-150400.1.6 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 libgupnp-devel-1.4.3-150400.1.6 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 minidlna-1.3.0-bp151.2.3.1 as a component of SUSE Package Hub 15 SP1 hostapd-2.9-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 minidlna-1.3.0-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 minidlna-1.3.0-lp151.3.3.1 as a component of openSUSE Leap 15.1 hostapd-2.9-lp152.2.3.1 as a component of openSUSE Leap 15.2 minidlna-1.3.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 libgupnp-1_2-1-1.4.3-150400.1.6 as a component of openSUSE Leap 15.4 hostapd-2.9-6.2 as a component of openSUSE Tumbleweed libgupnp-1_2-0-1.2.7-2.2 as a component of openSUSE Tumbleweed libgupnp-1_2-0-32bit-1.2.7-2.2 as a component of openSUSE Tumbleweed libgupnp-devel-1.2.7-2.2 as a component of openSUSE Tumbleweed minidlna-1.3.0-2.7 as a component of openSUSE Tumbleweed typelib-1_0-GUPnP-1_0-1.2.7-2.2 as a component of openSUSE Tumbleweed The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695 SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libgupnp-1_2-1-1.4.3-150400.1.6 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libgupnp-1_2-1-1.4.3-150400.1.6 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libgupnp-devel-1.4.3-150400.1.6 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 SUSE Linux Enterprise Workstation Extension 15 SP4:typelib-1_0-GUPnP-1_0-1.4.3-150400.1.6 SUSE Package Hub 15 SP1:minidlna-1.3.0-bp151.2.3.1 SUSE Package Hub 15 SP2:hostapd-2.9-bp152.2.3.1 SUSE Package Hub 15 SP2:minidlna-1.3.0-bp152.4.3.1 openSUSE Leap 15.1:minidlna-1.3.0-lp151.3.3.1 openSUSE Leap 15.2:hostapd-2.9-lp152.2.3.1 openSUSE Leap 15.2:minidlna-1.3.0-lp152.4.3.1 openSUSE Leap 15.4:libgupnp-1_2-1-1.4.3-150400.1.6 openSUSE Tumbleweed:hostapd-2.9-6.2 openSUSE Tumbleweed:libgupnp-1_2-0-1.2.7-2.2 openSUSE Tumbleweed:libgupnp-1_2-0-32bit-1.2.7-2.2 openSUSE Tumbleweed:libgupnp-devel-1.2.7-2.2 openSUSE Tumbleweed:minidlna-1.3.0-2.7 openSUSE Tumbleweed:typelib-1_0-GUPnP-1_0-1.2.7-2.2 important 7.8 AV:N/AC:M/Au:N/C:P/I:N/A:C 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H