ID

VAR-202010-0164


CVE

CVE-2019-8573


TITLE

Apple AirPort Base Station Firmware Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-25692

DESCRIPTION

An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. Apple AirPort Base Station is a wireless router from Apple Inc. of the United States. A security vulnerability exists in the Apple AirPort Base Station firmware.

CVE-2019-8581: Lucio Albornoz

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: A remote attacker may be able to cause a system denial of service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2019-8588: Vince Cali (@0x56)

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8578: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: A remote attacker may be able to cause a system denial of service
Description: A denial of service issue was addressed with improved validation.
CVE-2019-8575: joshua stein

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A denial of service issue was addressed with improved memory handling.
CVE-2019-7291: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: Source-routed IPv4 packets may be unexpectedly accepted
Description: Source-routed IPv4 packets were disabled by default.
CVE-2019-8580: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A null pointer dereference was addressed with improved input validation.
CVE-2019-8572: Maxime Villard

Installation note:

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.62

sources: NVD: CVE-2019-8573 // CNVD: CNVD-2019-25692 // VULMON: CVE-2019-8573 // PACKETSTORM: 153412

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25692

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.14.5

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 5.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 12.3

Trust: 1.0

vendor: apple, model: airport base station, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-25692 // NVD: CVE-2019-8573

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8573
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-25692
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-913
value: HIGH

Trust: 0.6

VULMON: CVE-2019-8573
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8573
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2019-25692
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-8573
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-25692 // VULMON: CVE-2019-8573 // CNNVD: CNNVD-201906-913 // NVD: CVE-2019-8573

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2019-8573

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-913

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-913

PATCH

title: Patch for Apple AirPort Base Station Firmware Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/172781

Trust: 0.6

title: Apple AirPort Base Station Fixes for firmware security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94043

Trust: 0.6

sources: CNVD: CNVD-2019-25692 // CNNVD: CNNVD-201906-913

EXTERNAL IDS

db: NVD, id: CVE-2019-8573

Trust: 2.4

db: PACKETSTORM, id: 153412

Trust: 1.3

db: AUSCERT, id: ESB-2019.2277

Trust: 1.2

db: CNVD, id: CNVD-2019-25692

Trust: 0.6

db: CNNVD, id: CNNVD-201906-913

Trust: 0.6

db: VULMON, id: CVE-2019-8573

Trust: 0.1

sources: CNVD: CNVD-2019-25692 // VULMON: CVE-2019-8573 // PACKETSTORM: 153412 // CNNVD: CNNVD-201906-913 // NVD: CVE-2019-8573

REFERENCES

url:https://support.apple.com/en-us/ht210118

Trust: 1.7

url:https://support.apple.com/en-us/ht210119

Trust: 1.7

url:https://support.apple.com/en-us/ht210122

Trust: 1.7

url:https://packetstormsecurity.com/files/153412/apple-security-advisory-2019-6-20-1.html

Trust: 1.2

url:https://support.apple.com/en-au/ht210091

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2019.2277/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8573

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/bugtraq/2019/jun/32

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8581

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8588

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-7291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8575

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8572

Trust: 0.1

sources: CNVD: CNVD-2019-25692 // VULMON: CVE-2019-8573 // PACKETSTORM: 153412 // CNNVD: CNNVD-201906-913 // NVD: CVE-2019-8573

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 153412 // CNNVD: CNNVD-201906-913

SOURCES

db: CNVD, id: CNVD-2019-25692
db: VULMON, id: CVE-2019-8573
db: PACKETSTORM, id: 153412
db: CNNVD, id: CNNVD-201906-913
db: NVD, id: CVE-2019-8573

LAST UPDATE DATE

2024-11-23T20:34:25.999000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-25692, date: 2019-09-05T00:00:00
db: VULMON, id: CVE-2019-8573, date: 2020-10-30T00:00:00
db: CNNVD, id: CNNVD-201906-913, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2019-8573, date: 2024-11-21T04:50:05.750

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-25692, date: 2019-08-02T00:00:00
db: VULMON, id: CVE-2019-8573, date: 2020-10-27T00:00:00
db: PACKETSTORM, id: 153412, date: 2019-06-24T23:31:52
db: CNNVD, id: CNNVD-201906-913, date: 2019-06-24T00:00:00
db: NVD, id: CVE-2019-8573, date: 2020-10-27T20:15:15.487