CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) advised that the CERT Coordination Center (CERT/CC) has released information on a vulnerability – CVE-2020-12695 – affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition. CISA encourages vendors and internet service providers (ISPs) to review CERT/CC’s Vulnerability Note VU#339275 and implement the updated specifications provided by the Open Connectivity Framework. Read the advisory at CISA.