Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Security Activity Bulletin

Multiple Universal Plug and Play Devices Simple Service Discovery Protocol Processing Vulnerabilities

 
Threat Type:IntelliShield: Security Activity Bulletin
IntelliShield ID:28002
Version:5
First Published:2013 January 29 15:28 GMT
Last Published:2013 April 25 21:25 GMT
Port: 1900
CVE:CVE-2012-5958 , CVE-2012-5959 , CVE-2012-5960 , CVE-2012-5961 , CVE-2012-5962 , CVE-2012-5963 , CVE-2012-5964 , CVE-2012-5965 , CVE-2013-0229 , CVE-2013-0230
Urgency:Possible use
Credibility:Confirmed
Severity:Moderate Damage
Related Resources:
View related IPS SignatureView related Applied Mitigation Bulletin
 
 
Version Summary:The Portable SDK for UPnP Devices project has released source updates to address the multiple Universal Plug and Play devices Simple Service Discovery Protocol processing vulnerabilities.
 

Description
 
Multiple Universal Plug and Play devices contain vulnerabilities that could allow an unauthenticated, remote attacker to access sensitive information, execute arbitrary code, or cause a denial of service (DoS) condition on a targeted system.

The Universal Plug and Play (UPnP) protocol suite was designed to simplify the discovery and control of network devices. A diverse set of network devices use UPnP, such as routers, switches, wireless access points, and many types of client devices. Exploitable vulnerabilities in the Portable SDK for UPnP devices SSDP parser, the MiniUPnP SOAP handler, and the MiniUPnP SSDP parser have been reported, which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS condition.

Risks of exploitation of the vulnerabilities are increased due to widespread, unsafe configurations of UPnP on affected devices. Reports indicate that multiple unsafe configurations were found in the Simple Service Discovery Protocol (SSDP) service on UPnP devices, as well the HTTP service that hosts the Simple Object Access Protocol (SOAP) interface. By default, UPnP uses UDP port 1900 and should only be exposed to trusted networks. However, the unsafe configuration in the SOAP interface could allow for widespread exposure of the SSDP service to the Internet. As a result, attackers from untrusted networks could exploit the vulnerabilities within the SSDP and SOAP parsers.

Proof-of-concept code that exploits these vulnerabilities is publicly available.

Cisco has released a security advisory at the following link: cisco-sa-20130129-upnp

US-CERT has released a vulnerability note at the following link: VU#922681

Administrators are advised to apply software updates as they become available.

Administrators are advised to disable UPnP on all Internet-facing systems.

Administrators are advised to replace all devices that do not have the ability to disable the SSDP protocol.

Administrators may consider using access control lists (ACLs) to block services on UDP port 1900.

Administrators are advised to monitor affected systems.

The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: cisco-amb-20130130-upnp

FreeBSD has released a VuXML document at the following link: upnp -- multiple vulnerabilities

FreeBSD has released ports collection updates at the following link: Ports Collection Index

The Portable SDK for UPnP Devices project has released a changelog at the following link: Version 1.6.18 Changelog

Signatures
 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
1851/0Portable SDK for UPnP Devices Buffer Overflow VulnerabilitiesS7032013 Mar 21 
4158/0Portable SDK for UPnP Devices Buffer OverflowS7482013 Oct 16 
 
Alert History
 

Version 4, January 31, 2013, 10:27 AM: FreeBSD has released a VuXML document and updated ports collection to address the multiple Universal Plug and Play devices Simple Service Discovery Protocol processing vulnerabilities.

Version 3, January 30, 2013, 10:24 AM: Cisco has released an Applied Mitigation Bulletin to address the multiple Universal Plug and Play devices Simple Service Discovery Protocol processing vulnerabilities.

Version 2, January 29, 2013, 11:52 AM: Cisco has released a security advisory to address the multiple Universal Plug and Play devices Simple Service Discovery Protocol processing vulnerabilities.

Version 1, January 29, 2013, 10:28 AM: Multiple Universal Plug and Play devices contain vulnerabilities that could allow an unauthenticated, remote attacker to access sensitive information, execute arbitrary code, or cause a denial of service condition on a targeted system.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShieldSecurity Activity Bulletin Original Release Base

Associated Products:
FreeBSD ProjectFreeBSD 6.3 Base | 6.4 Base | 7.0 Base | 7.1 Base | 7.2 Base | 7.3 Base | 7.4 Base | 8.0 Base | 8.1 Base | 8.2 Base | 8.3 Base | 9.0 Base | 9.1 Base
GNU Public Licenselibupnp 1.6 Base, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11, .12, .13, .14, .15, .16, .17




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield