Lucene search

[email protected]CVE-2009-2189

HistoryDec 22, 2010 - 3:00 a.m.

CVE-2009-2189

2010-12-2203:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-2189

icmpv6

apple time capsule

airport extreme

airport express

denial of service

firmware vulnerability

remote attack

6.4 Medium

AI Score

Confidence

Low

6.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

75.0%

JSON

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.

CPENameOperatorVersion
apple:airport_express_base_station_firmwareapple airport express base station firmwarele7.4.2
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq3.84
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq4.0.9
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq6.1
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq6.3
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq7.3.2
apple:airport_express_base_station_firmwareapple airport express base station firmwareeq7.4.1
apple:airport_extreme_base_station_firmwareapple airport extreme base station firmwareeq5.5
apple:airport_extreme_base_station_firmwareapple airport extreme base station firmwareeq5.7
apple:airport_expressapple airport expresseq*

CPE	Name	Operator	Version
apple:airport_express_base_station_firmware	apple airport express base station firmware	le	7.4.2
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	3.84
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	4.0.9
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	6.1
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	6.3
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	7.3.2
apple:airport_express_base_station_firmware	apple airport express base station firmware	eq	7.4.1
apple:airport_extreme_base_station_firmware	apple airport extreme base station firmware	eq	5.5
apple:airport_extreme_base_station_firmware	apple airport extreme base station firmware	eq	5.7
apple:airport_express	apple airport express	eq	*

Rows per page:

1-10 of 121

References

lists.apple.com/archives/security-announce/2010//Dec/msg00001.html

support.apple.com/kb/HT4298

www.securitytracker.com/id?1024907

6.4 Medium

AI Score

Confidence

Low

6.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2009-2189

prion1 cvelist1 jvn1 nessus1