CVE-2019-8580

7.5 HIGH

📋 TL;DR

CVE-2019-8580 is a vulnerability in Apple AirPort base stations where source-routed IPv4 packets were unexpectedly accepted despite being disabled by default. This could allow attackers to bypass network security controls and potentially intercept or manipulate traffic. Only users of affected Apple AirPort base stations are impacted.

💻 Affected Systems

Products:
  • Apple AirPort Base Station
Versions: Before 7.8.1 and 7.9.1
Operating Systems: AirPort Base Station Firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects AirPort base stations with default configurations; source-routed packets should have been disabled by default but were unexpectedly accepted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could intercept or manipulate network traffic, perform man-in-the-middle attacks, bypass firewall rules, and potentially gain unauthorized access to internal network resources.

🟠 Likely Case

Network traffic manipulation or interception, allowing attackers to monitor sensitive data or redirect connections to malicious destinations.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring; attackers would still need network access and specific knowledge of the target network.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access and knowledge of source routing techniques; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AirPort Base Station Firmware Update 7.8.1 or 7.9.1

Vendor Advisory: https://support.apple.com/en-us/HT210090

Restart Required: Yes

Instructions:

1. Access AirPort Utility on a connected Mac or iOS device.
2. Select your base station.
3. Click 'Update' if available.
4. Follow prompts to install firmware update.
5. The base station will restart automatically.

🔧 Temporary Workarounds

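Disable source routing at network perimeter (Linux)

Configure network firewalls or routers to block source-routed IPv4 packets at the network perimeter.

# Example for iptables: drop loose (LSRR) and strict (SSRR) source-routed packets
iptables -A INPUT -m ipv4options --lsrr -j DROP
iptables -A INPUT -m ipv4options --ssrr -j DROP

The INPUT chain only covers packets addressed to the firewall host itself; on a device that forwards traffic toward the base station, the same matches belong in the FORWARD chain. The --lsrr and --ssrr options shown are the older ipv4options match syntax; the xtables-addons version of the match takes the option names through --flags instead.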

🧯 If You Can't Patch

  • Segment AirPort base stations on isolated network segments to limit potential attack surface
  • Implement network monitoring for source-routed packet attempts and review firewall logs regularly

🔍 How to Verify

Check if Vulnerable:

Check AirPort base station firmware version in AirPort Utility; versions before 7.8.1/7.9.1 are vulnerable.

Check Version:

Not applicable via command line; must use AirPort Utility graphical interface

Verify Fix Applied:

Confirm firmware version shows 7.8.1 or 7.9.1 in AirPort Utility after update.

📡 Detection & Monitoring

Log Indicators:

  • Firewall logs showing blocked source-routed packets
  • Network device logs with IP options indicating LSRR or SSRR

Network Indicators:

  • Network traffic with IP option 131 (LSRR) or 137 (SSRR) directed at AirPort base stations

SIEM Query:

source_ip:* AND (ip_options:"LSRR" OR ip_options:"SSRR") AND dest_ip:[AirPort_Base_Station_IP]
