Vulnerability-Lookup

CVE-2009-2822 (GCVE-0-2009-2822)

Vulnerability from cvelistv5 – Published: 2010-04-05 16:00 – Updated: 2024-08-07 06:07

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://securitytracker.com/id?1023801	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2010/0778	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/39134	vdb-entryx_refsource_BID
	http://support.apple.com/kb/HT3958	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/39160	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/63420	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-03-31-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
          },
          {
            "name": "1023801",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023801"
          },
          {
            "name": "ADV-2010-0778",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0778"
          },
          {
            "name": "39134",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39134"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3958"
          },
          {
            "name": "airportbasestation-acl-security-bypass(57434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
          },
          {
            "name": "39160",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39160"
          },
          {
            "name": "63420",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/63420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-03-31-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
        },
        {
          "name": "1023801",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023801"
        },
        {
          "name": "ADV-2010-0778",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0778"
        },
        {
          "name": "39134",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39134"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3958"
        },
        {
          "name": "airportbasestation-acl-security-bypass(57434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
        },
        {
          "name": "39160",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39160"
        },
        {
          "name": "63420",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/63420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2822",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-31-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
            },
            {
              "name": "1023801",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023801"
            },
            {
              "name": "ADV-2010-0778",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0778"
            },
            {
              "name": "39134",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39134"
            },
            {
              "name": "http://support.apple.com/kb/HT3958",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3958"
            },
            {
              "name": "airportbasestation-acl-security-bypass(57434)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
            },
            {
              "name": "39160",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39160"
            },
            {
              "name": "63420",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/63420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2822",
    "datePublished": "2010-04-05T16:00:00.000Z",
    "dateReserved": "2009-08-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:07:37.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2822\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-04-05T16:30:00.407\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.\"},{\"lang\":\"es\",\"value\":\"AirPort Utility anteriores a v5.5.1 para Apple AirPort Base Station no reparte listas de control de acceso (ACL) de direcciones MAC a los extendedores de redes, lo que permite a atacantes remotos saltarse la citadas restricciones de acceso a trav\u00e9s de un marco de autenticaci\u00f3n 802.11.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:airport_utility:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.4.2\",\"matchCriteriaId\":\"C2F999B5-C91C-43D2-8531-7CBB0DF86ECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:airport_utility:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BA856F-6D42-42AC-B975-2A7927536E50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:airport_utility:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AB57FF2-5355-4206-AF27-846B3D5E2630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:airport_utility:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4F51A7-50DC-4392-9729-359AE02BEF66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:airport_utility:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28375618-90B2-4A94-BDFC-D960A3237F88\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:apple:airport_base_station:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E207B64-7129-48BD-9EAE-7773ECDDBBC0\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39160\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023801\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3958\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/63420\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/39134\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0778\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/63420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/57434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201004-0058

Vulnerability from variot - Updated: 2025-04-11 23:15

AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application software for AirPort series wireless routers. The MAC address ACL did not propagate the network extender correctly. Allow unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities.

AirPort Utility 5.5.1 for Windows: http://support.apple.com/kb/DL954

AirPort Utility 5.5.1 for Mac: http://support.apple.com/kb/DL955

PROVIDED AND/OR DISCOVERED BY: The vendor credits Guido Lamberty.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3958

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201004-0058",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.3.1"
      },
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.4.1"
      },
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.3.2"
      },
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "airport utility",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.4.2"
      },
      {
        "model": "airport utility",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.5.1"
      },
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple computer",
        "version": "5.x"
      },
      {
        "model": "airport utility",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "5.4.2"
      },
      {
        "model": "airport base station",
        "scope": null,
        "trust": 0.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "airport utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.5.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "BID",
        "id": "39134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:airport_utility",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guido Lamberty",
    "sources": [
      {
        "db": "BID",
        "id": "39134"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2009-2822",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-2822",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-40268",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-2822",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-2822",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201004-058",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40268",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application software for AirPort series wireless routers. The MAC address ACL did not propagate the network extender correctly. Allow unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities. \n\nAirPort Utility 5.5.1 for Windows:\nhttp://support.apple.com/kb/DL954\n\nAirPort Utility 5.5.1 for Mac:\nhttp://support.apple.com/kb/DL955\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Guido Lamberty. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3958\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "BID",
        "id": "39134"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "PACKETSTORM",
        "id": "87952"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2822",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "39134",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "39160",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "63420",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1023801",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0778",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "57434",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-03-31-1",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-40268",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "87952",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "BID",
        "id": "39134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "PACKETSTORM",
        "id": "87952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "id": "VAR-201004-0058",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      }
    ],
    "trust": 0.48026314999999997
  },
  "last_update_date": "2025-04-11T23:15:00.300000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3958",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3958"
      },
      {
        "title": "HT3958",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3958?viewlocale=ja_JP"
      },
      {
        "title": "Patch for Apple AirPort Base Station Network Access Restriction Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/87"
      },
      {
        "title": "About AirPort Utility 5.5.1 for Mac",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4109"
      },
      {
        "title": "About AirPort Utility 5.5.1 for Windows",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4108"
      },
      {
        "title": "About AirPort Utility 5.5.1 for Mac",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4054"
      },
      {
        "title": "About AirPort Utility 5.5.1 for Windows",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4053"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/39134"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1023801"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/39160"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/0778"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3958"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/63420"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2822"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2822"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/63420"
      },
      {
        "trust": 0.6,
        "url": "http://support.apple.com/kb/ht3958http"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/57434"
      },
      {
        "trust": 0.3,
        "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/dl955"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/dl954"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39160/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "BID",
        "id": "39134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "PACKETSTORM",
        "id": "87952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "db": "BID",
        "id": "39134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "db": "PACKETSTORM",
        "id": "87952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "date": "2010-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "BID",
        "id": "39134"
      },
      {
        "date": "2010-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "date": "2010-04-01T15:27:36",
        "db": "PACKETSTORM",
        "id": "87952"
      },
      {
        "date": "2010-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "date": "2010-04-05T16:30:00.407000",
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0503"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40268"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "BID",
        "id": "39134"
      },
      {
        "date": "2010-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      },
      {
        "date": "2010-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2009-2822"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AirPort Utility Vulnerable to access restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001340"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-058"
      }
    ],
    "trust": 0.6
  }
}

GHSA-67RF-55WQ-RPMF

Vulnerability from github – Published: 2022-05-02 03:38 – Updated: 2022-05-02 03:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2822"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-04-05T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.",
  "id": "GHSA-67rf-55wq-rpmf",
  "modified": "2022-05-02T03:38:55Z",
  "published": "2022-05-02T03:38:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2822"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39160"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023801"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3958"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/63420"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/39134"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-2822

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2822

Aliases

CVE-2009-2822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2822",
    "description": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.",
    "id": "GSD-2009-2822"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2822"
      ],
      "details": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.",
      "id": "GSD-2009-2822",
      "modified": "2023-12-13T01:19:46.036970Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-03-31-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
          },
          {
            "name": "1023801",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023801"
          },
          {
            "name": "ADV-2010-0778",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0778"
          },
          {
            "name": "39134",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/39134"
          },
          {
            "name": "http://support.apple.com/kb/HT3958",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3958"
          },
          {
            "name": "airportbasestation-acl-security-bypass(57434)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
          },
          {
            "name": "39160",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39160"
          },
          {
            "name": "63420",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/63420"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:airport_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.4.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:airport_utility:5.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:airport_utility:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:airport_utility:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:airport_utility:5.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:apple:airport_base_station:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "63420",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/63420"
            },
            {
              "name": "39160",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39160"
            },
            {
              "name": "ADV-2010-0778",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0778"
            },
            {
              "name": "39134",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/39134"
            },
            {
              "name": "APPLE-SA-2010-03-31-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
            },
            {
              "name": "1023801",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023801"
            },
            {
              "name": "http://support.apple.com/kb/HT3958",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3958"
            },
            {
              "name": "airportbasestation-acl-security-bypass(57434)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:30Z",
      "publishedDate": "2010-04-05T16:30Z"
    }
  }
}

FKIE_CVE-2009-2822

Vulnerability from fkie_nvd - Published: 2010-04-05 16:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39160	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1023801
cve@mitre.org	http://support.apple.com/kb/HT3958	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/63420
cve@mitre.org	http://www.securityfocus.com/bid/39134	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0778	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/57434
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39160	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023801
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3958	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/63420
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/39134	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0778	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/57434

Impacted products

Vendor	Product	Version
apple	airport_utility	*
apple	airport_utility	5.0
apple	airport_utility	5.3.1
apple	airport_utility	5.3.2
apple	airport_utility	5.4.1
apple	airport_base_station	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:airport_utility:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F999B5-C91C-43D2-8531-7CBB0DF86ECD",
              "versionEndIncluding": "5.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:airport_utility:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BA856F-6D42-42AC-B975-2A7927536E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:airport_utility:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB57FF2-5355-4206-AF27-846B3D5E2630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:airport_utility:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4F51A7-50DC-4392-9729-359AE02BEF66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:airport_utility:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28375618-90B2-4A94-BDFC-D960A3237F88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:apple:airport_base_station:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E207B64-7129-48BD-9EAE-7773ECDDBBC0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame."
    },
    {
      "lang": "es",
      "value": "AirPort Utility anteriores a v5.5.1 para Apple AirPort Base Station no reparte listas de control de acceso (ACL) de direcciones MAC a los extendedores de redes, lo que permite a atacantes remotos saltarse la citadas restricciones de acceso a trav\u00e9s de un marco de autenticaci\u00f3n 802.11."
    }
  ],
  "id": "CVE-2009-2822",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-05T16:30:00.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023801"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/63420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/39134"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/63420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/39134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2822 (GCVE-0-2009-2822)

VAR-201004-0058

GHSA-67RF-55WQ-RPMF

GSD-2009-2822

FKIE_CVE-2009-2822

Tags

Sightings

Nomenclature