Universal Plug and Play service running

Description

A UPNP (Universal Plug and Play) service is running on this host. The UPnP protocol does not implement any authentication, so UPnP device implementations must implement their own authentication mechanisms, or implement the Device Security Service. Unfortunately, many UPnP device implementations lack authentication mechanisms, and by default assume local systems and their users are completely trustworthy. Most notably, Routers and firewalls running the UPnP IGD protocol are vulnerable to attack since the framers of the protocol omitted to add any standard authentication method.

Remediation

If you are not using this service, it is recommended to disable it.

References