cvelistv5 - cve-2019-8578

CVE-2019-8578 (GCVE-0-2019-8578)

Vulnerability from cvelistv5

Published

2020-10-27 19:27

Modified

2024-08-04 21:24

Severity ?

CWE

A remote attacker may be able to cause arbitrary code execution

Summary

A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.

References

URL

Tags

product-security@apple.com	https://support.apple.com/en-us/HT210090	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT210091	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210090	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210091	Vendor Advisory

Impacted products

Vendor

Product

Version

Apple

AirPort Base Station Firmware Update

Version: unspecified < 7.9

Apple

AirPort Base Station Firmware Update

Version: unspecified < 7.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210091"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AirPort Base Station Firmware Update",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "7.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AirPort Base Station Firmware Update",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "7.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A remote attacker may be able to cause arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-27T19:27:13",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210091"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AirPort Base Station Firmware Update",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AirPort Base Station Firmware Update",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A remote attacker may be able to cause arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210090",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210090"
            },
            {
              "name": "https://support.apple.com/en-us/HT210091",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210091"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8578",
    "datePublished": "2020-10-27T19:27:13",
    "dateReserved": "2019-02-18T00:00:00",
    "dateUpdated": "2024-08-04T21:24:29.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8578\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-27T20:15:15.627\",\"lastModified\":\"2024-11-21T04:50:06.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de uso de la memoria previamente liberada con una administraci\u00f3n de la memoria mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en AirPort Base Station Firmware Update versi\u00f3n 7.8.1, AirPort Base Station Firmware Update versi\u00f3n 7.9.1.\u0026#xa0;Un atacante remoto puede ser capaz de causar una ejecuci\u00f3n de c\u00f3digo arbitraria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:airport_base_station_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.8.1\",\"matchCriteriaId\":\"B3A1D1EF-0D7B-4D85-92D2-6DB8843186DB\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT210090\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210091\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2019-8578

Vulnerability from fkie_nvd

Published

2020-10-27 20:15

Modified

2024-11-21 04:50

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT210090	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT210091	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210090	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210091	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	airport_base_station_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:airport_base_station_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A1D1EF-0D7B-4D85-92D2-6DB8843186DB",
              "versionEndExcluding": "7.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de uso de la memoria previamente liberada con una administraci\u00f3n de la memoria mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en AirPort Base Station Firmware Update versi\u00f3n 7.8.1, AirPort Base Station Firmware Update versi\u00f3n 7.9.1.\u0026#xa0;Un atacante remoto puede ser capaz de causar una ejecuci\u00f3n de c\u00f3digo arbitraria"
    }
  ],
  "id": "CVE-2019-8578",
  "lastModified": "2024-11-21T04:50:06.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-27T20:15:15.627",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210090"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210091"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-288

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Apple AirPort. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	AirPort Express, AirPort Extreme et AirPort Time Capsule base stations avec 802.11n sans la mise à jour du microgiciel version 7.8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210091 du 20 juin 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AirPort Express, AirPort Extreme et AirPort Time Capsule base stations avec 802.11n sans la mise \u00e0 jour du microgiciel version 7.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8575"
    },
    {
      "name": "CVE-2018-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
    },
    {
      "name": "CVE-2019-8588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8588"
    },
    {
      "name": "CVE-2019-7291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7291"
    },
    {
      "name": "CVE-2019-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8580"
    },
    {
      "name": "CVE-2019-8572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8572"
    },
    {
      "name": "CVE-2019-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8581"
    },
    {
      "name": "CVE-2019-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8578"
    }
  ],
  "initial_release_date": "2019-06-21T00:00:00",
  "last_revision_date": "2019-06-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-288",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple AirPort.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple AirPort",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210091 du 20 juin 2019",
      "url": "https://support.apple.com/en-us/HT210091"
    }
  ]
}

CERTFR-2019-AVI-241

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	AirPort Base Station microgiciel versions antérieures à 7.9.1
Apple	N/A	iTunes pour Windows versions antérieures à 12.9.5
Apple	N/A	iCloud pour Windows versions antérieures à 7.12

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210125 du 28 mai 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210090 du 30 mai 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210124 du 28 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AirPort Base Station microgiciel versions ant\u00e9rieures \u00e0 7.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8575"
    },
    {
      "name": "CVE-2019-8596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8596"
    },
    {
      "name": "CVE-2019-8595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8595"
    },
    {
      "name": "CVE-2019-8615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8615"
    },
    {
      "name": "CVE-2019-8609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8609"
    },
    {
      "name": "CVE-2019-8571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8571"
    },
    {
      "name": "CVE-2019-8577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8577"
    },
    {
      "name": "CVE-2018-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
    },
    {
      "name": "CVE-2019-8600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8600"
    },
    {
      "name": "CVE-2019-8588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8588"
    },
    {
      "name": "CVE-2019-8608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8608"
    },
    {
      "name": "CVE-2019-8602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8602"
    },
    {
      "name": "CVE-2019-7291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7291"
    },
    {
      "name": "CVE-2019-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
    },
    {
      "name": "CVE-2019-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8597"
    },
    {
      "name": "CVE-2019-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8611"
    },
    {
      "name": "CVE-2019-8623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8623"
    },
    {
      "name": "CVE-2019-8622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8622"
    },
    {
      "name": "CVE-2019-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8580"
    },
    {
      "name": "CVE-2019-8587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8587"
    },
    {
      "name": "CVE-2019-8619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8619"
    },
    {
      "name": "CVE-2019-8610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8610"
    },
    {
      "name": "CVE-2019-8628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8628"
    },
    {
      "name": "CVE-2019-8601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8601"
    },
    {
      "name": "CVE-2019-8583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8583"
    },
    {
      "name": "CVE-2019-8572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8572"
    },
    {
      "name": "CVE-2019-8586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8586"
    },
    {
      "name": "CVE-2019-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8581"
    },
    {
      "name": "CVE-2019-8594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8594"
    },
    {
      "name": "CVE-2019-8607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8607"
    },
    {
      "name": "CVE-2019-8598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8598"
    },
    {
      "name": "CVE-2019-8584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8584"
    },
    {
      "name": "CVE-2019-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8578"
    }
  ],
  "initial_release_date": "2019-05-29T00:00:00",
  "last_revision_date": "2019-05-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-241",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-29T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT210090 du 30 mai 2019",
      "revision_date": "2019-05-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210125 du 28 mai 2019",
      "url": "https://support.apple.com/en-us/HT210125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210090 du 30 mai 2019",
      "url": "https://support.apple.com/en-us/HT210090"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210124 du 28 mai 2019",
      "url": "https://support.apple.com/en-us/HT210124"
    }
  ]
}

var-202010-0205

Vulnerability from variot

A resource management error vulnerability exists in Apple AirPort Base Stations using firmware versions prior to 7.9.1. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56)

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard

AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard

Installation note:

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0205",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airport base station",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.8.1"
      },
      {
        "model": "airport base station",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.9.1"
      },
      {
        "model": "airport time capsule",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "airport extreme",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.9"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.8"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.7"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.3"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.9"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.8"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.7"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.4"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.3"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5.2"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.2"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "airport base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "airport base station",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.9.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "BID",
        "id": "108544"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "joshua stein, Vince Cali (@0x56),Apple, Maxime Villard,Lucio Albornoz",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-8578",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-8578",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-60819",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-8578",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-8578",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-60819",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-1203",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-8578",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. \n\r\n\r\nA resource management error vulnerability exists in Apple AirPort Base Stations using firmware versions prior to 7.9.1. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are currently provided. \nAttackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. \nCVE-2019-8581: Lucio Albornoz\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: A remote attacker may be able to cause a system denial of\nservice\nDescription: A null pointer dereference was addressed with improved\ninput validation. \nCVE-2019-8588: Vince Cali (@0x56)\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: A remote attacker may be able to cause a system denial of\nservice\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-6918: Maxime Villard\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8575: joshua stein\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nmemory handling. \nCVE-2019-7291: Maxime Villard\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: Source-routed IPv4 packets may be unexpectedly accepted\nDescription: Source-routed IPv4 packets were disabled by default. \nCVE-2019-8580: Maxime Villard\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A null pointer dereference was addressed with improved\ninput validation. \nCVE-2019-8572: Maxime Villard\n\nInstallation note:\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T\nK3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO\ngDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA\n7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17\n60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb\n1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9\nWdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi\nnewJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8\nwRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB\nQ1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd\n0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C\nZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8=\n=VaIH\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "BID",
        "id": "108544"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "PACKETSTORM",
        "id": "153412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153139"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8578",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108544",
        "trust": 1.5
      },
      {
        "db": "PACKETSTORM",
        "id": "153412",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153139",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1981",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2277",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "BID",
        "id": "108544"
      },
      {
        "db": "PACKETSTORM",
        "id": "153412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "id": "VAR-202010-0205",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      }
    ],
    "trust": 1.013494225
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      }
    ]
  },
  "last_update_date": "2024-11-23T20:32:19.563000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Apple AirPort Base Station resource management error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/238813"
      },
      {
        "title": "Apple AirPort Base Station Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93082"
      },
      {
        "title": "Apple: AirPort Base Station Firmware Update 7.9.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4e396c93a3f7c1fd40a880bc653cd339"
      },
      {
        "title": "Apple: AirPort Base Station Firmware Update 7.8.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=090bc152f2e68c8c7a769527b999e073"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht210090"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht210091"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/108544"
      },
      {
        "trust": 0.9,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.9,
        "url": "https://support.apple.com/en-ie/ht210090"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8578"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210090"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210091"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153412/apple-security-advisory-2019-6-20-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1981/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153139/apple-security-advisory-2019-5-30-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2277/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8580"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8581"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8588"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7291"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8575"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8572"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8573"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6918"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "BID",
        "id": "108544"
      },
      {
        "db": "PACKETSTORM",
        "id": "153412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "db": "BID",
        "id": "108544"
      },
      {
        "db": "PACKETSTORM",
        "id": "153412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "date": "2019-05-30T00:00:00",
        "db": "BID",
        "id": "108544"
      },
      {
        "date": "2019-06-24T23:31:52",
        "db": "PACKETSTORM",
        "id": "153412"
      },
      {
        "date": "2019-05-30T17:02:22",
        "db": "PACKETSTORM",
        "id": "153139"
      },
      {
        "date": "2019-05-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "date": "2020-10-27T20:15:15.627000",
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "date": "2020-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8578"
      },
      {
        "date": "2019-05-30T00:00:00",
        "db": "BID",
        "id": "108544"
      },
      {
        "date": "2020-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      },
      {
        "date": "2024-11-21T04:50:06.327000",
        "db": "NVD",
        "id": "CVE-2019-8578"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple AirPort Base Station resource management error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-60819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1203"
      }
    ],
    "trust": 0.6
  }
}

ghsa-4376-93v6-4h5m

Vulnerability from github

Published

2022-05-24 17:32

Modified

2022-05-24 17:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.",
  "id": "GHSA-4376-93v6-4h5m",
  "modified": "2022-05-24T17:32:16Z",
  "published": "2022-05-24T17:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8578"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210090"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2020-60819

Vulnerability from cnvd

Title

Apple AirPort Base Station资源管理错误漏洞

Description

Apple AirPort Base Station是美国苹果（Apple）公司的一款无线路由器。使用7.9.1之前版本固件的Apple AirPort Base Station中存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源（如内存、磁盘空间、文件等）的管理不当。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Apple AirPort Base Station资源管理错误漏洞的补丁

Patch Description

Apple AirPort Base Station是美国苹果（Apple）公司的一款无线路由器。使用7.9.1之前版本固件的Apple AirPort Base Station中存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源（如内存、磁盘空间、文件等）的管理不当。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT210090

Reference

http://www.securityfocus.com/bid/108544

Impacted products

Name
Apple AirPort Base Station <7.9.1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "108544"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8578",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-8578"
    }
  },
  "description": "Apple AirPort Base Station\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\n\u4f7f\u75287.9.1\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Apple AirPort Base Station\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5bf9\u7cfb\u7edf\u8d44\u6e90\uff08\u5982\u5185\u5b58\u3001\u78c1\u76d8\u7a7a\u95f4\u3001\u6587\u4ef6\u7b49\uff09\u7684\u7ba1\u7406\u4e0d\u5f53\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT210090",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-60819",
  "openTime": "2020-11-06",
  "patchDescription": "Apple AirPort Base Station\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\n\u4f7f\u75287.9.1\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Apple AirPort Base Station\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5bf9\u7cfb\u7edf\u8d44\u6e90\uff08\u5982\u5185\u5b58\u3001\u78c1\u76d8\u7a7a\u95f4\u3001\u6587\u4ef6\u7b49\uff09\u7684\u7ba1\u7406\u4e0d\u5f53\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple AirPort Base Station\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple AirPort Base Station \u003c7.9.1"
  },
  "referenceLink": "http://www.securityfocus.com/bid/108544",
  "serverity": "\u9ad8",
  "submitTime": "2020-11-05",
  "title": "Apple AirPort Base Station\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

gsd-2019-8578

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-8578

Aliases

CVE-2019-8578

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8578",
    "description": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.",
    "id": "GSD-2019-8578"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8578"
      ],
      "details": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.",
      "id": "GSD-2019-8578",
      "modified": "2023-12-13T01:23:48.081142Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8578",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AirPort Base Station Firmware Update",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.9"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "AirPort Base Station Firmware Update",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A remote attacker may be able to cause arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT210090",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210090"
          },
          {
            "name": "https://support.apple.com/en-us/HT210091",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210091"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:airport_base_station_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.8.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8578"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210090",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210090"
            },
            {
              "name": "https://support.apple.com/en-us/HT210091",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210091"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-10-30T19:32Z",
      "publishedDate": "2020-10-27T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-8578 (GCVE-0-2019-8578)

Vulnerability from cvelistv5

fkie_cve-2019-8578

Vulnerability from fkie_nvd

CERTFR-2019-AVI-288

Vulnerability from certfr_avis

Solution

CERTFR-2019-AVI-241

Vulnerability from certfr_avis

Solution

var-202010-0205

Vulnerability from variot

ghsa-4376-93v6-4h5m

Vulnerability from github

cnvd-2020-60819

Vulnerability from cnvd

gsd-2019-8578

Vulnerability from gsd

Tags

Sightings

Nomenclature