FTP Proxy Server Vulnerability in Apple AirPort Devices
CVE-2010-0962

Currently unrated

Key Information:

Vendor: Apple
Status: Time Capsule; Airport Extreme; Airport Express
Vendor: CVE Published:; 10 March 2010

Summary

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 fails to limit the IP address and port specified in a PORT command from clients. This oversight allows remote attackers to exploit intranet FTP servers, facilitating arbitrary TCP forwarding. Such a flaw can lead to unauthorized access and data exfiltration, posing serious risks to network security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/56701

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/509867/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/38543

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 10, 2010
Vulnerability Reserved
Mar 10, 2010