Vulnerability Description
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Airport Express Base Station Firmware | <= 7.4.2 |
| Apple | Airport Extreme Base Station Firmware | 5.5 |
| Apple | Airport Express | All versions |
| Apple | Airport Extreme | All versions |
| Apple | Time Capsule | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4298PatchVendor Advisory
- http://www.securitytracker.com/id?1024907
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4298PatchVendor Advisory
- http://www.securitytracker.com/id?1024907
FAQ
What is CVE-2009-2189?
CVE-2009-2189 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (...
How severe is CVE-2009-2189?
CVE-2009-2189 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2189?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Airport Express Base Station Firmware, Apple Airport Extreme Base Station Firmware, Apple Airport Express, Apple Airport Extreme, Apple Time Capsule.