VAR-201003-0321
Vulnerability from variot - Updated: 2023-12-18 12:22

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. Multiple Apple wireless products are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform anonymous port scans on a victim's computer and send unsolicited emails and news. Other attacks are also possible. The following products are affected: AirPort Express firmware version 7.5, AirPort Extreme firmware version 7.5, and Time Capsule firmware version 7.5. Other products and versions may also be affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. The direct impact of this vulnerability is that, for AirPort products that provide NAT to internal clients, users who can reach the externally forwarded FTP port of such a product can have the FTP server inside the NAT send data to arbitrary addresses and ports.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201003-0321",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "time capsule",
"scope": "eq",
"trust": 2.7,
"vendor": "apple",
"version": "7.5"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "7.5"
},
{
"model": "airport express",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.5"
},
{
"model": "airmac express",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.2"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.2"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "airport express",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apple:airport_express:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:apple:airport_extreme:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:apple:time_capsule:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0962"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sabahattin Gucukoglu mail@sabahattin-gucukoglu.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-0962",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-43567",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-0962",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201003-156",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-43567",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43567"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. Multiple Apple wireless products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to perform anonymous port scans on a victim\u0027s computer and send unsolicited emails and news. Other attacks are also possible. \nThe following products are affected:\nAirport Express Firmware version 7.5\nAirport Extreme Firmware version 7.5\nTime Capsule Firmware version 7.5\nOther products and versions may also be affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. The direct impact of this vulnerability is that for Airpor products that provide NAT to internal clients, users who can access the external forwarded FTP ports of these products can perform FTP server operations within the NAT by sending data to arbitrary addresses and ports",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "BID",
"id": "38543"
},
{
"db": "VULHUB",
"id": "VHN-43567"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0962",
"trust": 2.8
},
{
"db": "BID",
"id": "38543",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156",
"trust": 0.7
},
{
"db": "XF",
"id": "56701",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14622",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100309 RE: APPLE AIRPORT WIRELESS PRODUCTS: PROMISCUOUS FTP PORT ALLOWED IN FTP PROXY PROVIDES SECURITY BYPASS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100304 APPLE AIRPORT WIRELESS PRODUCTS: PROMISCUOUS FTP PORT ALLOWED IN FTP PROXY PROVIDES SECURITY BYPASS",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20100304 APPLE AIRPORT WIRELESS PRODUCTS: PROMISCUOUS FTP PORT ALLOWED IN FTP PROXY PROVIDES SECURITY BYPASS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-43567",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43567"
},
{
"db": "BID",
"id": "38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"id": "VAR-201003-0321",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-43567"
}
],
"trust": 0.54479167
},
"last_update_date": "2023-12-18T12:22:38.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/airportextreme/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43567"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/38543"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2010/mar/106"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0962"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0962"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/56701"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/509974/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/509867/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14622"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.3,
"url": "/archive/1/509867"
},
{
"trust": 0.3,
"url": "/archive/1/509974"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43567"
},
{
"db": "BID",
"id": "38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-43567"
},
{
"db": "BID",
"id": "38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-43567"
},
{
"date": "2010-03-04T00:00:00",
"db": "BID",
"id": "38543"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"date": "2010-03-10T22:30:01.467000",
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"date": "2010-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-43567"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "38543"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003890"
},
{
"date": "2018-10-10T19:55:11.167000",
"db": "NVD",
"id": "CVE-2010-0962"
},
{
"date": "2010-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple AirPort Express Such as FTP Intranet on proxy server FTP From the server TCP Vulnerability to be transferred",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003890"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-156"
}
],
"trust": 0.6
}
}