CVE-2010-1804 - OpenCVE

Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Airport Express Airport Express Base Station Firmware Airport Extreme Airport Extreme Base Station Firmware Time Capsule

Configuration 1 [-]

AND

OR	cpe:2.3:h:apple:airport_express_base_station_firmware::::::::
	cpe:2.3:h:apple:airport_express_base_station_firmware:3.84:::::::*
	cpe:2.3:h:apple:airport_express_base_station_firmware:4.0.9:::::::*
	cpe:2.3:h:apple:airport_express_base_station_firmware:6.1:::::::*
	cpe:2.3:h:apple:airport_express_base_station_firmware:6.3:::::::*
	cpe:2.3:h:apple:airport_express_base_station_firmware:7.3.2:::::::*
	cpe:2.3:h:apple:airport_express_base_station_firmware:7.4.1:::::::*
	cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.5:::::::*
	cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.7:::::::*

OR	cpe:2.3:h:apple:airport_express::::::::
	cpe:2.3:h:apple:airport_extreme::::::::
	cpe:2.3:h:apple:time_capsule::::::::

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
http://support.apple.com/kb/HT4298
http://www.securitytracker.com/id?1024907

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2010-12-22T01:00:00

Updated: 2024-08-07T01:35:53.664Z

Reserved: 2010-05-06T00:00:00

Link: CVE-2010-1804

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-12-22T03:00:01.437

Modified: 2011-01-19T06:57:24.977

Link: CVE-2010-1804

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-19T10:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2010-12-16-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4298"}, {"name": "1024907", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-1804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2010-12-16-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"}, {"name": "http://support.apple.com/kb/HT4298", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4298"}, {"name": "1024907", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:35:53.664Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2010-12-16-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4298"}, {"name": "1024907", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024907"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-1804", "datePublished": "2010-12-22T01:00:00", "dateReserved": "2010-05-06T00:00:00", "dateUpdated": "2024-08-07T01:35:53.664Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9226648-A35A-48C7-97B2-B641AF1AC064", "versionEndIncluding": "7.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:3.84:*:*:*:*:*:*:*", "matchCriteriaId": "5BE83F1E-AE73-4EA3-BB24-00AB2CD5E5AE", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "EDFC5591-5F55-414F-99EC-EF560F131A01", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A9263C8C-E71C-4922-ABCD-ED71AACE2C6A", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "64341069-B93B-48F3-946F-4248231B6AA7", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "508DE2BA-DCA6-4249-B534-30EEFA2548FE", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_express_base_station_firmware:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3333BFC0-037A-4926-BCBE-C0F0C1204B89", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "3420DD2D-4B5B-4112-AE49-20FA97608495", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "546C47A2-D8CE-4341-968A-051F81BAF904", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:apple:airport_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2C90704-400C-4BA2-9CF5-96C3A42B620E", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:airport_extreme:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0B25975-DD1E-430F-9AB0-F363E4BF743B", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:time_capsule:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA814FD-FE33-44E3-9A40-805E6C9C4ED9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la funcionalidad network bridge en Apple Time Capsule, AirPort Extreme Base Station, y AirPort Express Base Station con firmware anterior a v7.5.2 permite a los atacantes remotos causar una denegcai\u00f3n de servicio (desconexi\u00f3n de red) a trav\u00e9s de peticiones DHCP manipuladas."}], "id": "CVE-2010-1804", "lastModified": "2011-01-19T06:57:24.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-22T03:00:01.437", "references": [{"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"}, {"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.apple.com/kb/HT4298"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id?1024907"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}