CVE-2009-2189
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
22/12/2010
Last modified:
19/01/2011
Description
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
Impact
Base Score 2.0
6.10
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:apple:airport_express_base_station_firmware:*:*:*:*:*:*:*:* | 7.4.2 (including) | |
| cpe:2.3:h:apple:airport_express_base_station_firmware:3.84:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express_base_station_firmware:4.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express_base_station_firmware:6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express_base_station_firmware:6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express_base_station_firmware:7.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express_base_station_firmware:7.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_extreme_base_station_firmware:5.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_express:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:airport_extreme:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:time_capsule:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page