Vulnerability CVE-2009-2822


Published: 2010-04-05   Modified: 2012-02-13

Description:
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Apple
Product: Airport utility 
Version:
5.4.2
5.4.1
5.3.2
5.3.1
5.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.vupen.com/english/advisories/2010/0778
http://www.securityfocus.com/bid/39134
http://support.apple.com/kb/HT3958
http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html
http://xforce.iss.net/xforce/xfdb/57434
http://www.osvdb.org/63420
http://securitytracker.com/id?1023801
http://secunia.com/advisories/39160

Related CVE
CVE-2018-4173
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
CVE-2018-4176
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
CVE-2018-4175
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
CVE-2018-4174
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an incons...
CVE-2018-4172
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" f...
CVE-2018-4170
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
CVE-2018-4168
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a lo...
CVE-2018-4167
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition al...

Copyright 2018, cxsecurity.com

 

Back to Top