Intrusion PreventionWebRTC.Local.IP.Addresses.Disclosure
Description
This indicates an attempt to obtain the IP addresses of a user through WebRTC in various browsers.
The issue is due to a design in various browsers when handling WebRTC calls that probes STUN server to obtain a user's IP address. A potentially malicious actor can exploit this to obtain a user's local and public IP addresses, via a crafted web page.
Affected Products
WebRTC 1.0 on Google Chrome
WebRTC 1.0 on Mozilla Firefox
Impact
Information Disclosure: Remote attacker can obtain the IP address of a targeted user.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-01-24 | 26.721 | Severity:medium:low |
| 2021-10-13 | 18.177 | Sig Added |
| 2019-10-30 | 14.714 | Sig Added |
| 2019-06-07 | 14.628 | Severity:low:medium |
| ID | 40038 |
| Created | Mar 06, 2015 |
| Updated | Jan 23, 2024 |
| Risk |
|
| CVE ID | CVE-2018-6849 |
| Exploit Prediction Score | 94.28% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Mozilla, Other |