Sign-up

ID

VAR-202010-0205


CVE

CVE-2019-8578


TITLE

Apple AirPort Base Station resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-60819 // CNNVD: CNNVD-201905-1203

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. A resource management error vulnerability exists in Apple AirPort Base Stations using firmware versions prior to 7.9.1. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2019-8578 // CNVD: CNVD-2020-60819 // BID: 108544 // VULMON: CVE-2019-8578 // PACKETSTORM: 153412 // PACKETSTORM: 153139

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-60819

AFFECTED PRODUCTS

vendor:applemodel:airport base stationscope:ltversion:7.8.1

Trust: 1.0

vendor:applemodel:airport base stationscope:ltversion:7.9.1

Trust: 0.6

vendor:applemodel:airport time capsulescope:eqversion:0

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:0

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.7.9

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.7.8

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.7.7

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.7.3

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.9

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.8

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.7

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.3

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.5.2

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.4.2

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:airport base stationscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:airport base stationscope:neversion:7.9.1

Trust: 0.3

sources: CNVD: CNVD-2020-60819 // BID: 108544 // NVD: CVE-2019-8578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8578
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2020-60819
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-1203
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-8578
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8578
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-60819
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-8578
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-60819 // VULMON: CVE-2019-8578 // CNNVD: CNNVD-201905-1203 // NVD: CVE-2019-8578

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

sources: NVD: CVE-2019-8578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1203

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-1203

PATCH

title:Patch for Apple AirPort Base Station resource management error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/238813

Trust: 0.6

title:Apple AirPort Base Station Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93082

Trust: 0.6

title:Apple: AirPort Base Station Firmware Update 7.9.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4e396c93a3f7c1fd40a880bc653cd339

Trust: 0.1

title:Apple: AirPort Base Station Firmware Update 7.8.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=090bc152f2e68c8c7a769527b999e073

Trust: 0.1

sources: CNVD: CNVD-2020-60819 // VULMON: CVE-2019-8578 // CNNVD: CNNVD-201905-1203

EXTERNAL IDS

db:NVDid:CVE-2019-8578

Trust: 2.8

db:BIDid:108544

Trust: 1.5

db:PACKETSTORMid:153412

Trust: 0.7

db:PACKETSTORMid:153139

Trust: 0.7

db:CNVDid:CNVD-2020-60819

Trust: 0.6

db:AUSCERTid:ESB-2019.1981

Trust: 0.6

db:AUSCERTid:ESB-2019.2277

Trust: 0.6

db:CNNVDid:CNNVD-201905-1203

Trust: 0.6

db:VULMONid:CVE-2019-8578

Trust: 0.1

sources: CNVD: CNVD-2020-60819 // VULMON: CVE-2019-8578 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1203 // NVD: CVE-2019-8578

REFERENCES

url:https://support.apple.com/en-us/ht210090

Trust: 1.7

url:https://support.apple.com/en-us/ht210091

Trust: 1.7

url:http://www.securityfocus.com/bid/108544

Trust: 1.2

url:https://www.apple.com/

Trust: 0.9

url:https://support.apple.com/en-ie/ht210090

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-8578

Trust: 0.8

url:https://support.apple.com/en-au/ht210090

Trust: 0.6

url:https://support.apple.com/en-au/ht210091

Trust: 0.6

url:https://packetstormsecurity.com/files/153412/apple-security-advisory-2019-6-20-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1981/

Trust: 0.6

url:https://packetstormsecurity.com/files/153139/apple-security-advisory-2019-5-30-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2277/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8581

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8588

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-7291

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8575

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8572

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/161857

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6918

Trust: 0.1

sources: CNVD: CNVD-2020-60819 // VULMON: CVE-2019-8578 // BID: 108544 // PACKETSTORM: 153412 // PACKETSTORM: 153139 // CNNVD: CNNVD-201905-1203 // NVD: CVE-2019-8578

CREDITS

joshua stein, Vince Cali (@0x56),Apple, Maxime Villard,Lucio Albornoz

Trust: 0.6

sources: CNNVD: CNNVD-201905-1203

SOURCES

db:CNVDid:CNVD-2020-60819
db:VULMONid:CVE-2019-8578
db:BIDid:108544
db:PACKETSTORMid:153412
db:PACKETSTORMid:153139
db:CNNVDid:CNNVD-201905-1203
db:NVDid:CVE-2019-8578

LAST UPDATE DATE

2024-11-23T20:32:19.563000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-60819date:2020-11-06T00:00:00
db:VULMONid:CVE-2019-8578date:2020-10-30T00:00:00
db:BIDid:108544date:2019-05-30T00:00:00
db:CNNVDid:CNNVD-201905-1203date:2020-11-02T00:00:00
db:NVDid:CVE-2019-8578date:2024-11-21T04:50:06.327

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-60819date:2020-11-06T00:00:00
db:VULMONid:CVE-2019-8578date:2020-10-27T00:00:00
db:BIDid:108544date:2019-05-30T00:00:00
db:PACKETSTORMid:153412date:2019-06-24T23:31:52
db:PACKETSTORMid:153139date:2019-05-30T17:02:22
db:CNNVDid:CNNVD-201905-1203date:2019-05-30T00:00:00
db:NVDid:CVE-2019-8578date:2020-10-27T20:15:15.627