CVE-2009-2189
First published: Wed Dec 22 2010(Updated: )
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple AirPort Express Base Station Firmware | <=7.4.2 | |
| Apple AirPort Express Base Station Firmware | =3.84 | |
| Apple AirPort Express Base Station Firmware | =4.0.9 | |
| Apple AirPort Express Base Station Firmware | =6.1 | |
| Apple AirPort Express Base Station Firmware | =6.3 | |
| Apple AirPort Express Base Station Firmware | =7.3.2 | |
| Apple AirPort Express Base Station Firmware | =7.4.1 | |
| Apple AirPort Extreme | =5.5 | |
| Apple AirPort Extreme | =5.7 | |
| Apple AirPort Express | ||
| Apple AirPort Extreme Base Station | ||
| Apple Time Capsule |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2189?
CVE-2009-2189 is classified as a denial of service vulnerability due to its impact on network functionality.
How do I fix CVE-2009-2189?
To fix CVE-2009-2189, upgrade the firmware of Apple Time Capsule, AirPort Extreme Base Station, or AirPort Express Base Station to version 7.5.2 or later.
Which devices are affected by CVE-2009-2189?
CVE-2009-2189 affects Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware versions prior to 7.5.2.
What do the symptoms of CVE-2009-2189 look like?
Symptoms of CVE-2009-2189 may include network instability and degraded performance due to excessive Router Advertisement and Neighbor Discovery packets.
Is there a patch available for CVE-2009-2189?
Yes, a patch is available in the firmware update released by Apple, specifically version 7.5.2 and above.
- collector/nvd-historical
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple airport express base station firmware
- version/apple airport express base station firmware/7.4.2
- version/apple airport express base station firmware/3.84
- version/apple airport express base station firmware/4.0.9
- version/apple airport express base station firmware/6.1
- version/apple airport express base station firmware/6.3
- version/apple airport express base station firmware/7.3.2
- version/apple airport express base station firmware/7.4.1
- canonical/apple airport extreme
- version/apple airport extreme/5.5
- version/apple airport extreme/5.7
- canonical/apple airport express
- canonical/apple airport extreme base station
- canonical/apple time capsule