CVE-2007-1338

3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Airport Extreme

Timeline

PublishedMar 8

Latest updateMay 1

Description

The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/airport_extreme7.1

🔴Vulnerability Details

GHSA

GHSA-j777-7mfw-w8wv: The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connecti↗2022-05-01

▶

CVEList

CVE-2007-1338: The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connecti↗2007-03-07

▶