Vulnerability Description
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Airport Express | 7.5 |
| Apple | Airport Extreme | 7.5 |
| Apple | Time Capsule | 7.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2010/Mar/106
- http://www.securityfocus.com/archive/1/509867/100/0/threaded
- http://www.securityfocus.com/archive/1/509974/100/0/threaded
- http://www.securityfocus.com/bid/38543 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56701
FAQ
What is CVE-2010-0962?
CVE-2010-0962 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
How severe is CVE-2010-0962?
CVE-2010-0962 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-0962?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Airport Express, Apple Airport Extreme, Apple Time Capsule.