Vulnerability Details CVE-2020-23622
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/4thline/cling/issues/253
- https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true
- https://github.com/4thline/cling/issues/253
- https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true
Products affected by CVE-2020-23622
-
cpe:2.3:a:cling_project:cling:2.0.0
-
cpe:2.3:a:cling_project:cling:2.0.1
-
cpe:2.3:a:cling_project:cling:2.1.0
-
cpe:2.3:a:cling_project:cling:2.1.1
-
cpe:2.3:a:cling_project:cling:2.1.2