CVE-2013-5136

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-5136
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*
Information

Published : 2013-10-23 20:48

Updated : 2018-10-30 09:26

NVD link : CVE-2013-5136

Mitre link : CVE-2013-5136

JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa
Products Affected

apple

  • apple_remote_desktop