A vulnerability in the UPnP protocol allows DoS attacks and network scanning


Information was recently released about a vulnerability (CVE-2020-12695) in the UPnP protocol that allows traffic to be sent to an arbitrary recipient by abusing the SUBSCRIBE operation defined in the standard.

The vulnerability has been named CallStranger, and it can be used to exfiltrate data from networks protected by Data Loss Prevention (DLP) systems, to run port scans of hosts on the internal network, and to amplify DDoS attacks using the millions of UPnP devices connected to the Internet, such as USB modems, home routers, game consoles, IP cameras, set-top boxes, media centers and printers.

About the vulnerability

The problem stems from the fact that the SUBSCRIBE operation defined in the specification lets any external attacker send an HTTP request with a Callback header and use the UPnP device as a proxy that sends requests to other hosts.

The SUBSCRIBE operation is defined in the UPnP specification and is used to track state changes in other devices and services. Through the HTTP Callback header, a subscriber can specify an arbitrary URL that the device will then attempt to connect to.

CVE-2020-12695 is therefore a Server Side Request Forgery (SSRF) style vulnerability in devices that use UPnP: it exists because the value of the Callback header in the UPnP SUBSCRIBE operation is under the sender's control.

To exploit the flaw, an attacker only has to send a specially crafted HTTP SUBSCRIBE request to a vulnerable device.

Almost all UPnP implementations released before April 17, 2020 are affected.

Among others, the vulnerability has been confirmed in the open-source hostapd package, which includes a wireless access point implementation (WPS AP).

The problem also affects solutions based on the open-source pupnp UPnP stack, for which no information about a fix is available yet.

The UPnP protocol defines a mechanism for automatically discovering devices and interacting with them over the network. It was originally designed for use on internal networks and provides no form of authentication or verification.

Despite this, millions of devices do not disable UPnP on their external network interfaces and remain reachable for requests from the Internet. An attack can be carried out through any such UPnP device.

For example, Xbox One consoles can be attacked through network port 2869, since they allow changes, such as content sharing, to be tracked via the SUBSCRIBE command.

The Open Connectivity Foundation (OCF) was notified of the problem at the end of last year, but initially declined to treat it as a vulnerability in the specification.

After a repeated, detailed report, the existence of the problem was acknowledged and a note about using UPnP only on LAN interfaces was added to the specification. Since the problem originates in a flaw in the standard, fixing the vulnerability on individual devices may take a long time, and firmware updates may never appear for older devices.

Solution

The fix is currently available only as a patch; updates for Debian, OpenWRT, Ubuntu, RHEL, SUSE, Fedora and Arch have not been published yet.

As a workaround, it is recommended to isolate UPnP devices from external requests with a firewall, to block inbound HTTP SUBSCRIBE and NOTIFY requests on intrusion prevention systems, or to disable UPnP on external network interfaces.

Manufacturers are advised to disable the SUBSCRIBE operation in default settings and, when it is enabled, to limit it to accepting requests only from the internal network.
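The following is an added example written for this article; it is not code from the article, from the Python test tool mentioned below, or from any UPnP stack. It shows the two halves of the issue described above: the raw SUBSCRIBE request whose CALLBACK header names the hosts a naive device will later connect to with NOTIFY (the SSRF behaviour), and a hardened acceptance check that applies the LAN-only policy recommended to manufacturers. The policy, addresses, ports and paths are assumptions constructed for the example, not any vendor's exact rule.

```python
"""Added example (not from the article or any UPnP stack): the SUBSCRIBE /
CALLBACK exchange behind CVE-2020-12695, with a naive publisher that takes
every CALLBACK URL as a NOTIFY target beside a hardened one that enforces a
LAN-only policy. All hosts, ports and paths below are constructed."""
import ipaddress
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# UPnP eventing: the subscriber lists one or more <URL> entries in CALLBACK;
# the publisher (the device) later sends NOTIFY requests to those URLs.
_CALLBACK_URL = re.compile(r"<([^>]+)>")

# Constructed LAN for the example; a device would derive this from its interface.
DEMO_LAN = ipaddress.ip_network("192.168.1.0/24")


def build_subscribe(device: str, event_path: str, callbacks: List[str],
                    timeout: int = 1800) -> bytes:
    """Raw SUBSCRIBE request as a control point (or an attacker) sends it."""
    callback = "".join(f"<{url}>" for url in callbacks)
    head = [
        f"SUBSCRIBE {event_path} HTTP/1.1",
        f"HOST: {device}",
        f"CALLBACK: {callback}",
        "NT: upnp:event",
        f"TIMEOUT: Second-{timeout}",
    ]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP request head into (method, path, headers); names upper-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().upper()] = value.strip()
    return method, path, headers


def vulnerable_targets(headers: Dict[str, str]) -> List[str]:
    """Pre-fix behaviour: every CALLBACK URL becomes a host:port the device will
    connect to. An Internet-reachable device thus dials whatever the sender names."""
    return _CALLBACK_URL.findall(headers.get("CALLBACK", ""))


def hardened_accept(source_ip: str, headers: Dict[str, str],
                    lan: ipaddress.IPv4Network) -> Tuple[bool, str]:
    """Assumed policy (follows the article's advice, not a vendor's exact rule):
    the subscriber must be on the LAN, every callback must be a plain http:// URL
    whose host is an IP literal, and that host must be the subscriber itself, so
    the device never opens a connection on a stranger's behalf."""
    try:
        source = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, f"unparseable source address {source_ip!r}"
    if source not in lan:
        return False, f"SUBSCRIBE from {source} outside {lan}"
    if headers.get("NT") != "upnp:event":
        return False, "NT header must be upnp:event"
    targets = _CALLBACK_URL.findall(headers.get("CALLBACK", ""))
    if not targets:
        return False, "missing CALLBACK"
    for url in targets:
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return False, f"callback must be an http:// URL: {url}"
        try:
            host = ipaddress.ip_address(parts.hostname)
        except ValueError:
            # A hostname would let the subscriber pick the real target at NOTIFY
            # time via DNS, so insist on an IP literal.
            return False, f"callback host is not an IP literal: {url}"
        if host != source:
            return False, f"callback {host} is not the subscriber {source}"
    return True, f"accepted {len(targets)} callback(s) to {source}"


if __name__ == "__main__":
    # Constructed attack: an Internet host aims CALLBACK at an unrelated victim.
    evil = build_subscribe("192.168.1.1:2869", "/upnp/event/wlan",
                           ["http://198.51.100.7:80/", "http://198.51.100.7:443/"])
    _, _, hdrs = parse_request(evil)
    print("naive device would NOTIFY:", vulnerable_targets(hdrs))
    print("hardened device says:", hardened_accept("203.0.113.5", hdrs, DEMO_LAN))
    # Legitimate subscription from a LAN control point to its own listener.
    ok = build_subscribe("192.168.1.1:2869", "/upnp/event/wlan",
                         ["http://192.168.1.20:49152/notify"])
    print("hardened device says:", hardened_accept("192.168.1.20", parse_request(ok)[2], DEMO_LAN))
```

Two CALLBACK entries in one request are allowed by the eventing format, which is why the naive path yields a list of targets rather than one; each entry can carry its own port, which is the hook for the scanning and amplification uses described above. The hardened check deliberately rejects hostnames as well as off-LAN addresses, since a resolvable name would move the target choice out of the device's sight.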

To test devices for the vulnerability, a dedicated tool written in Python and distributed under the MIT license has been published.

Finally, if you want to learn more about this vulnerability, you can check the details at the following link.

Source: https://www.tenable.com/

