CVE-2020-23622 - OpenCVE

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cling Project	Cling

Configuration 1 [-]

cpe:2.3:a:cling_project:cling:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/4thline/cling/issues/253	Exploit Issue Tracking Patch Third Party Advisory
https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-15T19:10:38

Updated: 2022-08-15T19:10:38

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-23622

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-15T20:15:09.040

Modified: 2024-05-17T01:45:35.480

Link: CVE-2020-23622

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-15T19:10:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/4thline/cling/issues/253"}, {"tags": ["x_refsource_MISC"], "url": "https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-23622", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/4thline/cling/issues/253", "refsource": "MISC", "url": "https://github.com/4thline/cling/issues/253"}, {"name": "https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true", "refsource": "MISC", "url": "https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-23622", "datePublished": "2022-08-15T19:10:38", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2022-08-15T19:10:38", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}