Sign-up

ID

VAR-201004-0058


CVE

CVE-2009-2822


TITLE

AirPort Utility Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2010-001340

DESCRIPTION

AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application software for AirPort series wireless routers. The MAC address ACL did not propagate the network extender correctly. Allow unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities. AirPort Utility 5.5.1 for Windows: http://support.apple.com/kb/DL954 AirPort Utility 5.5.1 for Mac: http://support.apple.com/kb/DL955 PROVIDED AND/OR DISCOVERED BY: The vendor credits Guido Lamberty. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3958 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2009-2822 // JVNDB: JVNDB-2010-001340 // CNVD: CNVD-2010-0503 // BID: 39134 // VULHUB: VHN-40268 // PACKETSTORM: 87952

AFFECTED PRODUCTS

vendor:applemodel:airport utilityscope:eqversion:5.3.1

Trust: 1.6

vendor:applemodel:airport utilityscope:eqversion:5.4.1

Trust: 1.6

vendor:applemodel:airport utilityscope:eqversion:5.3.2

Trust: 1.6

vendor:applemodel:airport utilityscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:airport utilityscope:lteversion:5.4.2

Trust: 1.0

vendor:applemodel:airport utilityscope:ltversion:5.5.1

Trust: 0.8

vendor:apple computermodel:airport utilityscope:eqversion:5.x

Trust: 0.6

vendor:applemodel:airport utilityscope:eqversion:5.4.2

Trust: 0.6

vendor:applemodel:airport base stationscope: - version: -

Trust: 0.3

vendor:applemodel:airport utilityscope:neversion:5.5.1

Trust: 0.3

sources: CNVD: CNVD-2010-0503 // BID: 39134 // JVNDB: JVNDB-2010-001340 // CNNVD: CNNVD-201004-058 // NVD: CVE-2009-2822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2822
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2822
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201004-058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-40268
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2822
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40268
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40268 // JVNDB: JVNDB-2010-001340 // CNNVD: CNNVD-201004-058 // NVD: CVE-2009-2822

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-40268 // JVNDB: JVNDB-2010-001340 // NVD: CVE-2009-2822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-058

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201004-058

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001340

PATCH
title:HT3958url:http://support.apple.com/kb/HT3958
Trust: 0.8
title:HT3958url:http://support.apple.com/kb/HT3958?viewlocale=ja_JP
Trust: 0.8
title:Patch for Apple AirPort Base Station Network Access Restriction Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/87
Trust: 0.6
title:About AirPort Utility 5.5.1 for Macurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4109
Trust: 0.6
title:About AirPort Utility 5.5.1 for Windowsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4108
Trust: 0.6
title:About AirPort Utility 5.5.1 for Macurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4054
Trust: 0.6
title:About AirPort Utility 5.5.1 for Windowsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4053
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-0503 // 
            
            
            
            JVNDB: JVNDB-2010-001340 // 
            
            
            
            CNNVD: CNNVD-201004-058

EXTERNAL IDS
db:NVDid:CVE-2009-2822
Trust: 3.4
db:BIDid:39134
Trust: 2.8
db:SECUNIAid:39160
Trust: 2.6
db:OSVDBid:63420
Trust: 2.5
db:SECTRACKid:1023801
Trust: 2.5
db:VUPENid:ADV-2010-0778
Trust: 2.5
db:JVNDBid:JVNDB-2010-001340
Trust: 0.8
db:CNNVDid:CNNVD-201004-058
Trust: 0.7
db:CNVDid:CNVD-2010-0503
Trust: 0.6
db:XFid:57434
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-31-1
Trust: 0.6
db:VULHUBid:VHN-40268
Trust: 0.1
db:PACKETSTORMid:87952
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0503 // 
            
            
            
            VULHUB: VHN-40268 // 
            
            
            
            BID: 39134 // 
            
            
            
            JVNDB: JVNDB-2010-001340 // 
            
            
            
            PACKETSTORM: 87952 // 
            
            
            
            CNNVD: CNNVD-201004-058 // 
            
            
            
            NVD: CVE-2009-2822

REFERENCES
url:http://www.securityfocus.com/bid/39134
Trust: 2.5
url:http://securitytracker.com/id?1023801
Trust: 2.5
url:http://secunia.com/advisories/39160
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/0778
Trust: 2.5
url:http://support.apple.com/kb/ht3958
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00004.html
Trust: 1.7
url:http://www.osvdb.org/63420
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/57434
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2822
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2822
Trust: 0.8
url:http://osvdb.org/63420
Trust: 0.8
url:http://support.apple.com/kb/ht3958http
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/57434
Trust: 0.6
url:http://software.cisco.com/download/navigator.html?mdfid=283613663
Trust: 0.3
url:http://support.apple.com/kb/dl955
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://support.apple.com/kb/dl954
Trust: 0.1
url:http://secunia.com/advisories/39160/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0503 // 
            
            
            
            VULHUB: VHN-40268 // 
            
            
            
            BID: 39134 // 
            
            
            
            JVNDB: JVNDB-2010-001340 // 
            
            
            
            PACKETSTORM: 87952 // 
            
            
            
            CNNVD: CNNVD-201004-058 // 
            
            
            
            NVD: CVE-2009-2822

CREDITS
Guido Lamberty
Trust: 0.3
sources:
            
            
            BID: 39134

SOURCES
db:CNVDid:CNVD-2010-0503
db:VULHUBid:VHN-40268
db:BIDid:39134
db:JVNDBid:JVNDB-2010-001340
db:PACKETSTORMid:87952
db:CNNVDid:CNNVD-201004-058
db:NVDid:CVE-2009-2822

LAST UPDATE DATE
2025-04-11T23:15:00.300000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-0503date:2010-04-02T00:00:00
db:VULHUBid:VHN-40268date:2017-08-17T00:00:00
db:BIDid:39134date:2010-03-31T00:00:00
db:JVNDBid:JVNDB-2010-001340date:2010-04-27T00:00:00
db:CNNVDid:CNNVD-201004-058date:2010-04-06T00:00:00
db:NVDid:CVE-2009-2822date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-0503date:2010-04-02T00:00:00
db:VULHUBid:VHN-40268date:2010-04-05T00:00:00
db:BIDid:39134date:2010-03-31T00:00:00
db:JVNDBid:JVNDB-2010-001340date:2010-04-27T00:00:00
db:PACKETSTORMid:87952date:2010-04-01T15:27:36
db:CNNVDid:CNNVD-201004-058date:2010-04-05T00:00:00
db:NVDid:CVE-2009-2822date:2010-04-05T16:30:00.407