Summary

Security Advisory ID : BSA-2020-1028

Component : Call Stranger

Revision : 1.0: Final

A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. More at: https://www.kb.cert.org/vuls/id/339275

Affected Products

No Brocade Fiber Channel Products from Broadcom are currently known to be affected by Call Stranger vulnerability.

Notes.

1. Brocade Fiber Channel Products from Broadcom don't support the UPnP protocol.

2. Brocade Manageability products are not vulnerable to Call Stranger vulnerability. However, since the environment that runs the products is not under Brocade's control, Brocade recommends Customers to apply recommendation from the vendors.

Revision History