Vulnerability Description
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Airport Express Base Station Firmware | <= 7.4.2 |
| Apple | Airport Extreme Base Station Firmware | 5.5 |
| Apple | Airport Express | All versions |
| Apple | Airport Extreme | All versions |
| Apple | Time Capsule | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4298PatchVendor Advisory
- http://www.securitytracker.com/id?1024907
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4298PatchVendor Advisory
- http://www.securitytracker.com/id?1024907
FAQ
What is CVE-2010-0039?
CVE-2010-0039 is a vulnerability with a CVSS score of 2.6 (LOW). The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic,...
How severe is CVE-2010-0039?
CVE-2010-0039 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0039?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Airport Express Base Station Firmware, Apple Airport Extreme Base Station Firmware, Apple Airport Express, Apple Airport Extreme, Apple Time Capsule.