kbnet
Just put one of my systems through a Nessus scan and it's pulled back the following vulnerability:

QUOTE
The remote host is running Microsoft UPnP TCP helper.

If the tested network is not a home network, you should disable
this service.

Solution : Set the following registry key :
                Location : HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV
                Key      : Start
                Value    : 0x04


Risk factor : Low
CVE : CVE-2001-0876
BID : 3723


I'm having difficulty pinpointing more information about this. I'm sure this is one that's been around for ages, but I'm having trouble pinpointing more details about it. Can someone point me in the right direction to get more info on this?

Cheers
nuorder
Check out the services called "Universal Plug and Play Device Host" and "SSDP Discovery Service".

UPnP has had vulnerabilities in the past (pre-SP1 days), but Nessus is saying they are simply there, so just disable them.
myth
Kinda like Remote Registry, it's useless w/o a password, but if A) a vulnerability exists in the service or related service or B) a weak/no password will allow easy access to the system...

Either way, Remote Registry, just like the helper service, is better disabled than enabled, depending on the environment....

kbnet, does GFI LANguard say the same thing? Or have you tried that as well? See what that thinks of the helper service...
kbnet
GFI LANguard scanner does not report this vulnerability, doesn't even report that port 5000 is open. I'm just curious as I would like to see how this service is exploited and what the exploit is capable of.

Suppose I've got a bit of reading to do.

Cheers for your replies.
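
Added example, not part of the original thread: a PowerShell audit of the Start value Nessus refers to, for both services nuorder names, plus a check for a listener on TCP 5000. Assumptions: "upnphost" is the service name behind "Universal Plug and Play Device Host", the -Disable switch is a hypothetical name chosen for this script, and netstat prints English state names.

```powershell
# Audit (and optionally apply) the Nessus-recommended setting.
# Start values: 2 = Automatic, 3 = Manual, 4 = Disabled (0x04 in the Nessus text).
param([switch]$Disable)   # hypothetical switch: pass -Disable to write the value

# SSDPSRV  = SSDP Discovery Service (the key named in the Nessus output)
# upnphost = Universal Plug and Play Device Host (assumed service name)
$services   = 'SSDPSRV', 'upnphost'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        Write-Output "$name : service key not present"
        continue
    }

    $start = (Get-ItemProperty -Path $key -Name Start).Start
    Write-Output ("{0} : Start = 0x{1:X2} ({2})" -f $name, $start, $startNames[[int]$start])

    if ($Disable -and $start -ne 4) {
        # Needs an elevated prompt. The registry value governs the next boot,
        # so the running service is stopped as well.
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        Write-Output "$name : set to Disabled (0x04) and stopped"
    }
}

# Port 5000/tcp is the port mentioned in the thread; the last netstat column is the owning PID.
$listeners = netstat -ano | Select-String -Pattern '^\s*TCP\s+\S+:5000\s+\S+\s+LISTENING'
if ($listeners) {
    Write-Output "TCP 5000 is listening:"
    $listeners | ForEach-Object { Write-Output $_.Line.Trim() }
} else {
    Write-Output "Nothing listening on TCP 5000"
}
```

Run it without arguments to report only. Re-run it after a reboot to confirm the Start value held and the listener is gone.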