Command injection

2010-03-1022:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.

CPENameOperatorVersion
airport_expresseq7.5
airport_extremeeq7.5
time_capsuleeq7.5

Name	Operator	Version
airport_express	eq	7.5
airport_extreme	eq	7.5
time_capsule	eq	7.5

References

seclists.org/fulldisclosure/2010/Mar/106

www.securityfocus.com/archive/1/509867/100/0/threaded

www.securityfocus.com/archive/1/509974/100/0/threaded

www.securityfocus.com/bid/38543

exchange.xforce.ibmcloud.com/vulnerabilities/56701