Vulnerability Details : CVE-2010-0039
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
Exploit prediction scoring system (EPSS) score for CVE-2010-0039
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2010-0039
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0039
-
http://support.apple.com/kb/HT4298
About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 - Apple SupportPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1024907
Apple Time Capsule and AirPort Base Station Bugs Let Remote Users Deny Service or Access Ostensibly Protected Hosts - SecurityTracker
-
http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
Apple - Lists.apple.comPatch;Vendor Advisory
Products affected by CVE-2010-0039
- cpe:2.3:h:apple:airport_express:*:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_extreme:*:*:*:*:*:*:*:*
- cpe:2.3:h:apple:time_capsule:*:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.5:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.7:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:3.84:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:6.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:airport_express_base_station_firmware:6.3:*:*:*:*:*:*:*