CVE-2013-0229 : The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attacke

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

Published 2013-01-31 21:55:01

Updated 2015-10-08 14:34:44

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2013-0229

Top countries where our scanners detected CVE-2013-0229

Top open port discovered on systems with this issue 5555

IPs affected by CVE-2013-0229 2,790

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-0229!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2013-0229

Probability of exploitation activity in the next 30 days: 97.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2013-0229

UPnP SSDP M-SEARCH Information Discovery

First seen: 2020-04-26

auxiliary/scanner/upnp/ssdp_msearch

Discover information from UPnP-enabled systems Authors: - todb <todb@metasploit.com> - hdm <x@hdm.io>

More information
MiniUPnPd 1.4 Denial of Service (DoS) Exploit

Disclosure Date: 2013-03-27

First seen: 2020-04-26

auxiliary/dos/upnp/miniupnpd_dos

This module allows remote attackers to cause a denial of service (DoS) in MiniUPnP 1.0 server via a specifically crafted UDP request. Authors: - hdm <x@hdm.io> - Dejan Lukan

More information

CVSS scores for CVE-2013-0229

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2013-0229

https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Help @ Rapid7

CVEs referencing this url
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Help @ Rapid7

CVEs referencing this url
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Security Flaws in Universal Plug and Play: Unplug, Don't Play

CVEs referencing this url

Products affected by CVE-2013-0229

Miniupnp Project » Miniupnpd
Versions up to, including, (<=) 1.3
cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:*
Matching versions
Miniupnp Project » Miniupnpd » Version: 1.2
cpe:2.3:a:miniupnp_project:miniupnpd:1.2:*:*:*:*:*:*:*
Matching versions
Miniupnp Project » Miniupnpd » Version: 1.1
cpe:2.3:a:miniupnp_project:miniupnpd:1.1:*:*:*:*:*:*:*
Matching versions
Miniupnp Project » Miniupnpd » Version: 1.0
cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0229