Remote Code Execution Vulnerability in Apple AirPort Base Station Firmware
CVE-2015-7029

9.8CRITICAL

Key Information:

Vendor

Apple
Status
Airport Base Station Firmware
Vendor
CVE Published:
3 July 2016

What is CVE-2015-7029?

The Apple AirPort Base Station Firmware prior to versions 7.6.7 and 7.7.7 contains a vulnerability that misparses DNS data. This issue can be exploited by remote attackers to execute arbitrary code or to cause a denial of service through memory corruption. Attackers may leverage this vulnerability through unspecified vectors, potentially impacting the security and performance of devices running affected firmware versions.

References

http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
https://support.apple.com/HT206849
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036136
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.