ID

VAR-202010-0156


CVE

CVE-2019-7291


TITLE

Apple AirPort Base Station Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-65933

DESCRIPTION

A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions.

CVE-2019-8581: Lucio Albornoz

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause a system denial of service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2019-8588: Vince Cali (@0x56)

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause a system denial of service
Description: A denial of service issue was addressed with improved validation.
CVE-2018-6918: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8575: joshua stein

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A denial of service issue was addressed with improved memory handling.
CVE-2019-7291: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: Source-routed IPv4 packets may be unexpectedly accepted
Description: Source-routed IPv4 packets were disabled by default.
CVE-2019-8580: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A null pointer dereference was addressed with improved input validation.
CVE-2019-8572: Maxime Villard

Installation note:

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.98

sources: NVD: CVE-2019-7291 // CNVD: CNVD-2020-65933 // BID: 108544 // VULMON: CVE-2019-7291 // PACKETSTORM: 153412 // PACKETSTORM: 153139

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-65933

AFFECTED PRODUCTS

vendor: apple, model: airport base station, scope: lt, version: 7.8.1

Trust: 1.0

vendor: apple, model: airport base station, scope: lt, version: 7.9.1

Trust: 0.6

vendor: apple, model: airport time capsule, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: airport extreme, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.7.9

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.7.8

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.7.7

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.7.3

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.9

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.8

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.7

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.4

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.3

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.2

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6.1

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.5.2

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.4.2

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.4.1

Trust: 0.3

vendor: apple, model: airport base station, scope: eq, version: 7.3.2

Trust: 0.3

vendor: apple, model: airport base station, scope: ne, version: 7.9.1

Trust: 0.3

sources: CNVD: CNVD-2020-65933 // BID: 108544 // NVD: CVE-2019-7291

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-7291
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2020-65933
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-1206
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-7291
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-7291
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-65933
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-7291
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-65933 // VULMON: CVE-2019-7291 // CNNVD: CNNVD-201905-1206 // NVD: CVE-2019-7291

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-7291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1206

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-1206

PATCH

title: Patch for Apple AirPort Base Station Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/240874

Trust: 0.6

title: Apple AirPort Base Station Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93085

Trust: 0.6

title: Apple: AirPort Base Station Firmware Update 7.9.1, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4e396c93a3f7c1fd40a880bc653cd339

Trust: 0.1

title: Apple: AirPort Base Station Firmware Update 7.8.1, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=090bc152f2e68c8c7a769527b999e073

Trust: 0.1

sources: CNVD: CNVD-2020-65933 // VULMON: CVE-2019-7291 // CNNVD: CNNVD-201905-1206

EXTERNAL IDS

db: NVD, id: CVE-2019-7291

Trust: 2.8

db: BID, id: 108544

Trust: 1.5

db: PACKETSTORM, id: 153412

Trust: 0.7

db: PACKETSTORM, id: 153139

Trust: 0.7

db: CNVD, id: CNVD-2020-65933

Trust: 0.6

db: AUSCERT, id: ESB-2019.1981

Trust: 0.6

db: AUSCERT, id: ESB-2019.2277

Trust: 0.6

db: CNNVD, id: CNNVD-201905-1206

Trust: 0.6

db: VULMON, id: CVE-2019-7291

Trust: 0.1

sources: CNVD: CNVD-2020-65933 // VULMON: CVE-2019-7291 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1206 // NVD: CVE-2019-7291

REFERENCES

url:https://support.apple.com/en-us/ht210090

Trust: 1.7

url:https://support.apple.com/en-us/ht210091

Trust: 1.7

url:http://www.securityfocus.com/bid/108544

Trust: 1.2

url:https://www.apple.com/

Trust: 0.9

url:https://support.apple.com/en-ie/ht210090

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-7291

Trust: 0.8

url:https://support.apple.com/en-au/ht210090

Trust: 0.6

url:https://support.apple.com/en-au/ht210091

Trust: 0.6

url:https://packetstormsecurity.com/files/153412/apple-security-advisory-2019-6-20-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1981/

Trust: 0.6

url:https://packetstormsecurity.com/files/153139/apple-security-advisory-2019-5-30-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2277/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8581

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8588

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8578

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8575

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8572

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/162009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6918

Trust: 0.1

sources: CNVD: CNVD-2020-65933 // VULMON: CVE-2019-7291 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1206 // NVD: CVE-2019-7291

CREDITS

joshua stein, Vince Cali (@0x56), Maxime Villard, Apple, Vince Cali, Lucio Albornoz

Trust: 0.6

sources: CNNVD: CNNVD-201905-1206

SOURCES

db: CNVD, id: CNVD-2020-65933
db: VULMON, id: CVE-2019-7291
db: BID, id: 108544
db: PACKETSTORM, id: 153412
db: PACKETSTORM, id: 153139
db: CNNVD, id: CNNVD-201905-1206
db: NVD, id: CVE-2019-7291

LAST UPDATE DATE

2024-11-23T21:02:58.406000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-65933, date: 2020-11-24T00:00:00
db: VULMON, id: CVE-2019-7291, date: 2020-10-29T00:00:00
db: BID, id: 108544, date: 2019-05-30T00:00:00
db: CNNVD, id: CNNVD-201905-1206, date: 2020-10-30T00:00:00
db: NVD, id: CVE-2019-7291, date: 2024-11-21T04:47:56.390

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-65933, date: 2020-11-24T00:00:00
db: VULMON, id: CVE-2019-7291, date: 2020-10-27T00:00:00
db: BID, id: 108544, date: 2019-05-30T00:00:00
db: PACKETSTORM, id: 153412, date: 2019-06-24T23:31:52
db: PACKETSTORM, id: 153139, date: 2019-05-30T17:02:22
db: CNNVD, id: CNNVD-201905-1206, date: 2019-05-30T00:00:00
db: NVD, id: CVE-2019-7291, date: 2020-10-27T20:15:14.580