VAR-200703-0045
Vulnerability from variot - Updated: 2023-12-18 11:38
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. Airport Extreme is prone to a security bypass vulnerability.
TITLE: Apple AirPort Extreme Base Station Two Weaknesses
SECUNIA ADVISORY ID: SA24830
VERIFY ADVISORY: http://secunia.com/advisories/24830/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information
WHERE: From remote
OPERATING SYSTEM: Apple Airport Extreme http://secunia.com/product/4504/
DESCRIPTION: Two weaknesses have been reported in Apple AirPort Extreme Base Station, which can be exploited by malicious people to bypass certain security restrictions or to disclose certain sensitive information.
2) An unspecified error in the AirPort Disk Feature of AirPort Extreme Base Stations with 802.11n can be exploited to disclose filenames on password-protected disks.
Successful exploitation of weakness #2 requires access to the local network.
SOLUTION: Update to firmware version 7.1. http://www.apple.com/support/downloads/airportextremebasestationwith80211nfirmware71.html
PROVIDED AND/OR DISCOVERED BY: 1) Iljitsch van Beijnum 2) Reported by the vendor
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305366
1) http://arstechnica.com/journals/apple.ars/2007/2/14/7063
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airport extreme",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "7.1"
},
{
"model": "airport extreme",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "86542"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apple:airport_extreme:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1338"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "86542"
}
],
"trust": 0.3
},
"cve": "CVE-2007-1338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-1338",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-24700",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-1338",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-270",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-24700",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24700"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the \"Block incoming IPv6 connections\" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. Airport Extreme is prone to a security bypass vulnerability. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \nhttp://corporate.secunia.com/trial/38/request/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple AirPort Extreme Base Station Two Weaknesses\n\nSECUNIA ADVISORY ID:\nSA24830\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24830/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Airport Extreme\nhttp://secunia.com/product/4504/\n\nDESCRIPTION:\nTwo weaknesses have been reported in Apple AirPort Extreme Base\nStation, which can be exploited by malicious people to bypass certain\nsecurity restrictions or to disclose certain sensitive information. \n\n2) An unspecified error in the AirPort Disk Feature of AirPort\nExtreme Base Stations with 802.11n can be exploited to disclose\nfilenames on password-protected disks. \n\nSuccessful exploitation of weakness #2 requires access to the local\nnetwork. \n\nSOLUTION:\nUpdate to firmware version 7.1. \nhttp://www.apple.com/support/downloads/airportextremebasestationwith80211nfirmware71.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Iljitsch van Beijnum\n2) Reported by the vendor\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305366\n\n1) http://arstechnica.com/journals/apple.ars/2007/2/14/7063\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "BID",
"id": "86542"
},
{
"db": "VULHUB",
"id": "VHN-24700"
},
{
"db": "PACKETSTORM",
"id": "55805"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1338",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1017889",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "24830",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "34843",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-1308",
"trust": 1.7
},
{
"db": "XF",
"id": "33526",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-04-09",
"trust": 0.6
},
{
"db": "XF",
"id": "6",
"trust": 0.6
},
{
"db": "BID",
"id": "86542",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-24700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "55805",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24700"
},
{
"db": "BID",
"id": "86542"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "PACKETSTORM",
"id": "55805"
},
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"id": "VAR-200703-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24700"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:38:16.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2007-04-09",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2007/apr/msg00000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://docs.info.apple.com/article.html?artnum=305366"
},
{
"trust": 2.1,
"url": "http://arstechnica.com/journals/apple.ars/2007/2/14/7063"
},
{
"trust": 2.0,
"url": "http://lists.apple.com/archives/security-announce/2007/apr/msg00000.html"
},
{
"trust": 2.0,
"url": "http://www.securitytracker.com/id?1017889"
},
{
"trust": 1.7,
"url": "http://osvdb.org/34843"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24830"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/1308"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33526"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/33526"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1338"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1338"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/1308"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/trial/38/request/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/airportextremebasestationwith80211nfirmware71.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24830/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4504/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24700"
},
{
"db": "BID",
"id": "86542"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "PACKETSTORM",
"id": "55805"
},
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-24700"
},
{
"db": "BID",
"id": "86542"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"db": "PACKETSTORM",
"id": "55805"
},
{
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-24700"
},
{
"date": "2007-03-08T00:00:00",
"db": "BID",
"id": "86542"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"date": "2007-04-11T02:12:21",
"db": "PACKETSTORM",
"id": "55805"
},
{
"date": "2007-03-08T22:19:00",
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"date": "2007-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24700"
},
{
"date": "2007-03-08T00:00:00",
"db": "BID",
"id": "86542"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001668"
},
{
"date": "2017-07-29T01:30:44.487000",
"db": "NVD",
"id": "CVE-2007-1338"
},
{
"date": "2007-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple AirPort Extreme of AirPort Vulnerability that bypasses access restrictions in utility default settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001668"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-270"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.