CVE-2010-0039

Опубликовано: 22 дек. 2010

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.

Ссылки

http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
Patch
Vendor Advisory
http://support.apple.com/kb/HT4298
Patch
Vendor Advisory
http://www.securitytracker.com/id?1024907
http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
Patch
Vendor Advisory
http://support.apple.com/kb/HT4298
Patch
Vendor Advisory
http://www.securitytracker.com/id?1024907

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:h:apple:airport_express_base_station_firmware:*:*:*:*:*:*:*:*

Версия до 7.4.2 (включая)

cpe:2.3:h:apple:airport_express_base_station_firmware:3.84:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_express_base_station_firmware:4.0.9:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_express_base_station_firmware:6.1:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_express_base_station_firmware:6.3:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_express_base_station_firmware:7.3.2:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_express_base_station_firmware:7.4.1:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.5:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.7:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:apple:airport_express:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:airport_extreme:*:*:*:*:*:*:*:*

cpe:2.3:h:apple:time_capsule:*:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00307

Низкий

2.6 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-6j7w-4w4r-9xwr

github

почти 4 года назад