Alert

CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

Last Revised

The CERT Coordination Center (CERT/CC) has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages vendors and internet service providers (ISPs) to review CERT/CC’s Vulnerability Note VU#339275 and implement the updated specifications provided by the Open Connectivity Framework.

This product is provided subject to this Notification and this Privacy & Use policy.