HD Moore, CSO, Rapid7
April 01, 2013
Threat of the month

Threat of the month: Universal Plug and Play vulnerabilities

Threat of the month: pdf.exe.zip files
Threat of the month: pdf.exe.zip files
What is it? 

Security vulnerabilities have been discovered in Universal Plug and Play (UPnP), which lets network-enabled devices communicate with each other.

How does it work?

The flaws in UPnP Simple Service Discovery Protocol (SSDP), UPnP HTTP and Simple Object Access Protocol (SOAP) can be exploited by attackers to crash the service and execute arbitrary code. The SOAP vulnerabilities also expose private networks to attacks and data leaks. In some cases, attackers can get past the firewall to launch an attack on connected machines.

Should I be worried?

New research has shed light on the endemic extent of the vulnerabilities. It shows that 40-50 million UPnP-enabled devices are exposed to the internet and vulnerable to attack via these flaws. The possibility is that you could be affected.

How can I prevent it? 

UPnP should be disabled from all external-facing and/or critical devices. Users are encouraged to scan their networks for vulnerable UPnP services.

From the April 2013 Issue of SCMagazine »
Related Articles
Related Topics
close

Next Article in Threat of the Month

More in Threat of the Month

Threat of the month: pdf.exe.zip files

Threat of the month: pdf.exe.zip files

For our May issue's "threat of the month," we focused on pdf.exe.zip files, an old-style email executable attachment attack.

Threat of the month: IE exploits

Threat of the month: IE exploits

IE exploits, a zero-day vulnerability that affects various Internet Explorer versions, are February's "Threat of the month."

Threat of the month: Virtualized application vulnerabilities

Threat of the month: Virtualized application vulnerabilities

The first "Threat of the Month" for 2013 are virtualized application vulnerabilities.