Detections
Analytics
Apple Remote Desktop < 3.5.3 / 3.6.1 Information Disclosure (Mac OS X)
medium Nessus Plugin ID 61621
Language:
Synopsis
The Mac OS X host has a remote management tool that is affected by an information disclosure vulnerability.Description
According to its version, the Admin component in the Apple Remote Desktop install on the remote host reportedly fails to encrypt data and does not issue a warning when connecting to a third-party VNC server with 'Encrypt all network data' set. This could lead to information disclosure.Solution
Upgrade to Apple Remote Desktop 3.5.3 / 3.6.1 or later.See Also
http://support.apple.com/kb/HT5433
http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00002.html
Plugin Details
Severity: Medium
ID: 61621
File Name: macosx_remote_desktop_3_6_1.nasl
Version: 1.4
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 8/22/2012
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:apple:apple_remote_desktop
Required KB Items: MacOSX/Remote_Desktop_Admin/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 8/20/2012
Vulnerability Publication Date: 8/20/2012
Reference Information
CVE: CVE-2012-0681
BID: 55100