Intrusion Prevention

WebRTC.Local.IP.Addresses.Disclosure

Description

This indicates an attempt to obtain the IP addresses of a user through WebRTC in various browsers.
The issue is due to a design in various browsers when handling WebRTC calls that probes STUN server to obtain a user's IP address. A potentially malicious actor can exploit this to obtain a user's local and public IP addresses, via a crafted web page.

Affected Products

WebRTC 1.0 on Google Chrome
WebRTC 1.0 on Mozilla Firefox

Impact

Information Disclosure: Remote attacker can obtain the IP address of a targeted user.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.
Monitor the traffic from that network for any suspicious activity.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2025-04-29	31.998	Removed
2024-01-24	26.721	Modified	Severity:medium:low
2021-10-13	18.177	Modified	Sig Added
2019-10-30	14.714	Modified	Sig Added
2019-06-07	14.628	Modified	Severity:low:medium

ID	40038
Created	Mar 06, 2015
Updated	Apr 28, 2025
CVE ID
Risk
Exploit Prediction Score	76.8%
Default Action	drop
Active
Affected OS	Windows, Linux
Affected App	Mozilla, Other
Profile Type	Information Disclosure

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

WebRTC.Local.IP.Addresses.Disclosure

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

WebRTC.Local.IP.Addresses.Disclosure

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center