Details of VAR-202010-0163

ID

VAR-202010-0163

CVE

CVE-2019-8572

TITLE

Apple AirPort Base Station code issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-60820

DESCRIPTION

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. The vulnerability stems from improper design or implementation in the code development process of network systems or products. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2019-8572 // CNVD: CNVD-2020-60820 // BID: 108544 // VULMON: CVE-2019-8572 // PACKETSTORM: 153412 // PACKETSTORM: 153139

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60820

AFFECTED PRODUCTS

vendor:	apple	model:	airport base station	scope:	lt	version:	7.8.1	Trust: 1.0
vendor:	apple	model:	airport base station	scope:	lt	version:	7.9.1	Trust: 0.6
vendor:	apple	model:	airport time capsule	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.7.9	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.7.8	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.7.7	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.7.3	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.9	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.8	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.7	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.4	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.3	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.4.2	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.4.1	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	airport base station	scope:	ne	version:	7.9.1	Trust: 0.3

sources: CNVD: CNVD-2020-60820 // BID: 108544 // NVD: CVE-2019-8572

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8572
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2020-60820
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-1205
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-8572
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8572
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2020-60820
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-8572
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-60820 // VULMON: CVE-2019-8572 // CNNVD: CNNVD-201905-1205 // NVD: CVE-2019-8572

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.0

sources: NVD: CVE-2019-8572

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1205

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-1205

PATCH

title:	Patch for Apple AirPort Base Station code issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/238804	Trust: 0.6
title:	Apple AirPort Base Station Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93084	Trust: 0.6
title:	Apple: AirPort Base Station Firmware Update 7.9.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4e396c93a3f7c1fd40a880bc653cd339	Trust: 0.1
title:	Apple: AirPort Base Station Firmware Update 7.8.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=090bc152f2e68c8c7a769527b999e073	Trust: 0.1

sources: CNVD: CNVD-2020-60820 // VULMON: CVE-2019-8572 // CNNVD: CNNVD-201905-1205

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8572	Trust: 2.8
db:	BID	id:	108544	Trust: 1.5
db:	PACKETSTORM	id:	153412	Trust: 0.7
db:	PACKETSTORM	id:	153139	Trust: 0.7
db:	CNVD	id:	CNVD-2020-60820	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1981	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2277	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-1205	Trust: 0.6
db:	VULMON	id:	CVE-2019-8572	Trust: 0.1

sources: CNVD: CNVD-2020-60820 // VULMON: CVE-2019-8572 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1205 // NVD: CVE-2019-8572

REFERENCES

url:	https://support.apple.com/en-us/ht210090	Trust: 1.7
url:	https://support.apple.com/en-us/ht210091	Trust: 1.7
url:	http://www.securityfocus.com/bid/108544	Trust: 1.2
url:	https://www.apple.com/	Trust: 0.9
url:	https://support.apple.com/en-ie/ht210090	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8572	Trust: 0.8
url:	https://support.apple.com/en-au/ht210090	Trust: 0.6
url:	https://support.apple.com/en-au/ht210091	Trust: 0.6
url:	https://packetstormsecurity.com/files/153412/apple-security-advisory-2019-6-20-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1981/	Trust: 0.6
url:	https://packetstormsecurity.com/files/153139/apple-security-advisory-2019-5-30-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2277/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8580	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8581	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8588	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8578	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7291	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8575	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/476.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/162008	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6918	Trust: 0.1

sources: CNVD: CNVD-2020-60820 // VULMON: CVE-2019-8572 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1205 // NVD: CVE-2019-8572

CREDITS

joshua stein, Vince Cali (@0x56),Apple, Maxime Villard, Vince Cali,Lucio Albornoz

Trust: 0.6

sources: CNNVD: CNNVD-201905-1205

SOURCES

db:	CNVD	id:	CNVD-2020-60820
db:	VULMON	id:	CVE-2019-8572
db:	BID	id:	108544
db:	PACKETSTORM	id:	153412
db:	PACKETSTORM	id:	153139
db:	CNNVD	id:	CNNVD-201905-1205
db:	NVD	id:	CVE-2019-8572

LAST UPDATE DATE

2024-11-23T20:42:41.764000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-60820	date:	2020-11-06T00:00:00
db:	VULMON	id:	CVE-2019-8572	date:	2020-10-30T00:00:00
db:	BID	id:	108544	date:	2019-05-30T00:00:00
db:	CNNVD	id:	CNNVD-201905-1205	date:	2020-11-02T00:00:00
db:	NVD	id:	CVE-2019-8572	date:	2024-11-21T04:50:05.643

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-60820	date:	2020-11-06T00:00:00
db:	VULMON	id:	CVE-2019-8572	date:	2020-10-27T00:00:00
db:	BID	id:	108544	date:	2019-05-30T00:00:00
db:	PACKETSTORM	id:	153412	date:	2019-06-24T23:31:52
db:	PACKETSTORM	id:	153139	date:	2019-05-30T17:02:22
db:	CNNVD	id:	CNNVD-201905-1205	date:	2019-05-30T00:00:00
db:	NVD	id:	CVE-2019-8572	date:	2020-10-27T20:15:15.423