Unauthenticated Port Forwarding Vulnerability in CAF Android Releases

Unauthenticated Port Forwarding Vulnerability in CAF Android Releases

CVE-2018-11946 · MEDIUM Severity

AV:A/AC:L/AU:N/C:N/I:C/A:N

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.