CVE-2003-0270

The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/8773
http://securitytracker.com/id?1006742
http://www.atstake.com/research/advisories/2003/a051203-1.txt	Vendor Advisory
http://www.securityfocus.com/bid/7554	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11980

Configurations

Configuration 1 (hide)

cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-06-16 04:00

Updated : 2017-07-11 01:29

NVD link : CVE-2003-0270

Mitre link : CVE-2003-0270

CVE.ORG link : CVE-2003-0270

JSON object : View

Products Affected

apple

802.11n

CWE

NVD-CWE-Other

{"id": "CVE-2003-0270", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/8773", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1006742", "source": "cve@mitre.org"}, {"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7554", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."}, {"lang": "es", "value": "La capacidad de administraci\u00f3n de Apple AirPort 802.11 wireless access point devices usa encripci\u00f3n d\u00e9bil (XOR con clave fija) para proteger las credenciales de autentificaci\u00f3n, lo que podr\u00eda permitir que atacantes remotos obtengan acceso administrativo mediante sniffing, cuando esa capacidad est\u00e1 disponible por Ethernet o conexiones no WEP."}], "lastModified": "2017-07-11T01:29:30.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D25611E-5EFC-468F-9D7C-5003CF63ED5A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}