DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:5C28D18266877D81153A80415D7335A2", "vendorId": null, "type": "apple", "bulletinFamily": "software", "title": "About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7", "description": "# About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7\n\nThis document describes the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7.\n\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## AirPort Base Station Firmware Update 7.6.7 and 7.7.7\n\n * **AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n; AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue existed in DNS data parsing. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2015-7029 : Alexandre Helie\n\n## Installation note for AirPort Base Station Firmware Update 7.6.7 and 7.7.7\n\nFirmware version 7.6.7 and 7.7.7 is installed on AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.\n\nUse AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.6.7 and 7.7.7.\n\nAirPort Utility for Mac is a free download from the [Apple Downloads page](<http://support.apple.com/downloads/>) and AirPort Utility for iOS is a free download from the [App Store](<https://support.apple.com/kb/HT204266>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "published": "2016-06-20T00:00:00", "modified": "2016-06-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://support.apple.com/kb/HT206849", "reporter": "Apple", "references": ["https://support.apple.com/en-us/HT201222"], "cvelist": ["CVE-2015-7029"], "immutableFields": [], "lastseen": "2021-11-10T17:01:11", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "apple", "idList": ["APPLE:HT206849"]}, {"type": "cve", "idList": ["CVE-2015-7029"]}, {"type": "threatpost", "idList": ["THREATPOST:57FB133A09DD0D6778B48235B62853B2"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:HT206849"]}, {"type": "cve", "idList": ["CVE-2015-7029"]}]}, "exploitation": null, "vulnersScore": 0.0}, "affectedSoftware": [{"version": "7.6.7", "operator": "lt", "name": "airport base station firmware update"}, {"version": "7.7.7", "operator": "lt", "name": ""}], "_state": {"dependencies": 1647589307, "score": 1659743467}}

{"apple": [{"lastseen": "2020-12-24T20:42:14", "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## AirPort Base Station Firmware Update 7.6.7 and 7.7.7\n\n * **AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n; AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue existed in DNS data parsing. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2015-7029 : Alexandre Helie\n\n## Installation note for AirPort Base Station Firmware Update 7.6.7 and 7.7.7\n\nFirmware version 7.6.7 and 7.7.7 is installed on AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.\n\nUse AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.6.7 and 7.7.7.\n\nAirPort Utility for Mac is a free download from the [Apple Downloads page](<http://support.apple.com/downloads/>) and AirPort Utility for iOS is a free download from the [App Store](<https://support.apple.com/kb/HT204266>).\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-23T03:54:40", "title": "About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7029"], "modified": "2017-01-23T03:54:40", "id": "APPLE:HT206849", "href": "https://support.apple.com/kb/HT206849", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T13:40:37", "description": "Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-03T01:59:00", "type": "cve", "title": "CVE-2015-7029", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7029"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:airport_base_station_firmware:7.7.3", "cpe:/o:apple:airport_base_station_firmware:7.6.4", "cpe:/o:apple:airport_base_station_firmware:7.7.0"], "id": "CVE-2015-7029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7029", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:airport_base_station_firmware:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:airport_base_station_firmware:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:airport_base_station_firmware:7.7.3:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2018-10-06T22:55:09", "description": "Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware.\n\nLast night, Apple released an [advisory](<https://support.apple.com/en-us/HT206849>) warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was available\u2014AirPort Base Station Firmware Update 7.6.7 and 7.7.7\u2014and should be applied immediately.\n\n\u201cA memory corruption issue existed in DNS data parsing,\u201d Apple\u2019s advisory reads. \u201cThis issue was addressed through improved bounds checking.\u201d\n\nA request to Apple for further comment was not answered prior to publication.\n\nIt\u2019s unknown whether the vulnerability has been exploited publicly, but Apple did say that an attacker could remotely run arbitrary code using this flaw.\n\nDNS parsing issues are particularly serious because an attacker who can insert himself onto the device could be able to intercept and redirect traffic.\n\nUsers are recommended to use AirPort Utility, which is a free download from the App Store, version 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS to upgrade to the correct firmware version.\n\nThe vulnerability has been around since 2015 (CVE-2015-7029) and was disclosed by Apple\u2019s Alexandre Helie.\n\nHelie, 21, is from Quebec, Canada, and according to a [January interview on Canadian television](<http://www.tvanouvelles.ca/2016/01/29/un-hacker-quebecois-embauche-par-apple>), he was hired by Apple after privately disclosing three vulnerabilities.\n\nHelie was a university student in Quebec when he found the original flaws in Apple\u2019s operating system, the interview said. Helie is quoted that he was hopeful of receiving a monetary reward from Apple for his findings, but Apple has no bounty program. Instead, two months later, he was invited to Cupertino to interview for a job on the team that tests the core operating system before it\u2019s put into production, the interview says.\n", "cvss3": {}, "published": "2016-06-21T10:08:41", "type": "threatpost", "title": "Apple Patches AirPort Remote Code Execution Flaw", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-7029"], "modified": "2016-06-22T12:57:24", "id": "THREATPOST:57FB133A09DD0D6778B48235B62853B2", "href": "https://threatpost.com/apple-patches-airport-remote-code-execution-flaw/118787/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}