VAR-201004-0058
Vulnerability from variot - Updated: 2025-04-11 23:15
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application for AirPort series wireless routers. The MAC address ACL is not propagated to network extenders correctly, which allows unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities.
AirPort Utility 5.5.1 for Windows: http://support.apple.com/kb/DL954
AirPort Utility 5.5.1 for Mac: http://support.apple.com/kb/DL955
PROVIDED AND/OR DISCOVERED BY: The vendor credits Guido Lamberty.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3958
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201004-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airport utility",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.3.1"
},
{
"model": "airport utility",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.4.1"
},
{
"model": "airport utility",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.3.2"
},
{
"model": "airport utility",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "airport utility",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.4.2"
},
{
"model": "airport utility",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.5.1"
},
{
"model": "airport utility",
"scope": "eq",
"trust": 0.6,
"vendor": "apple computer",
"version": "5.x"
},
{
"model": "airport utility",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.4.2"
},
{
"model": "airport base station",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "airport utility",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "BID",
"id": "39134"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:airport_utility",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Guido Lamberty",
"sources": [
{
"db": "BID",
"id": "39134"
}
],
"trust": 0.3
},
"cve": "CVE-2009-2822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2009-2822",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-40268",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2822",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-2822",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201004-058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-40268",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application software for AirPort series wireless routers. The MAC address ACL did not propagate the network extender correctly. Allow unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities. \n\nAirPort Utility 5.5.1 for Windows:\nhttp://support.apple.com/kb/DL954\n\nAirPort Utility 5.5.1 for Mac:\nhttp://support.apple.com/kb/DL955\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Guido Lamberty. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3958\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2822"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "BID",
"id": "39134"
},
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "PACKETSTORM",
"id": "87952"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2822",
"trust": 3.4
},
{
"db": "BID",
"id": "39134",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "39160",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "63420",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1023801",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2010-0778",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-0503",
"trust": 0.6
},
{
"db": "XF",
"id": "57434",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-03-31-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-40268",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87952",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "BID",
"id": "39134"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "PACKETSTORM",
"id": "87952"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"id": "VAR-201004-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40268"
}
],
"trust": 0.48026314999999997
},
"last_update_date": "2025-04-11T23:15:00.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3958",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3958"
},
{
"title": "HT3958",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3958?viewlocale=ja_JP"
},
{
"title": "Patch for Apple AirPort Base Station Network Access Restriction Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/87"
},
{
"title": "About AirPort Utility 5.5.1 for Mac",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4109"
},
{
"title": "About AirPort Utility 5.5.1 for Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4108"
},
{
"title": "About AirPort Utility 5.5.1 for Mac",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4054"
},
{
"title": "About AirPort Utility 5.5.1 for Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=4053"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/39134"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1023801"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/39160"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/0778"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3958"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/63420"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57434"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2822"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2822"
},
{
"trust": 0.8,
"url": "http://osvdb.org/63420"
},
{
"trust": 0.6,
"url": "http://support.apple.com/kb/ht3958http"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/57434"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/dl955"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/dl954"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/39160/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "BID",
"id": "39134"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "PACKETSTORM",
"id": "87952"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"db": "VULHUB",
"id": "VHN-40268"
},
{
"db": "BID",
"id": "39134"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"db": "PACKETSTORM",
"id": "87952"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"date": "2010-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-40268"
},
{
"date": "2010-03-31T00:00:00",
"db": "BID",
"id": "39134"
},
{
"date": "2010-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"date": "2010-04-01T15:27:36",
"db": "PACKETSTORM",
"id": "87952"
},
{
"date": "2010-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"date": "2010-04-05T16:30:00.407000",
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0503"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-40268"
},
{
"date": "2010-03-31T00:00:00",
"db": "BID",
"id": "39134"
},
{
"date": "2010-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001340"
},
{
"date": "2010-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-058"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2009-2822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirPort Utility Vulnerable to access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-058"
}
],
"trust": 0.6
}
}