CVE-2012-0681

2012-08-2210:42:04

CWE-310

apple

web.nvd.nist.gov

cve-2012-0681

apple remote desktop

vnc

network security

encryption

sniffing

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

Apple Remote Desktop before 3.6.1 does not recognize the “Encrypt all network data” setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.

Affected configurations

Nvd

Node

appleapple_remote_desktopMatch3.5.2

appleapple_remote_desktopMatch3.5.3

appleapple_remote_desktopMatch3.6.0

VendorProductVersionCPE
appleapple_remote_desktop3.5.2cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*
appleapple_remote_desktop3.5.3cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*
appleapple_remote_desktop3.6.0cpe:2.3:a:apple:apple_remote_desktop:3.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	apple_remote_desktop	3.5.2	cpe:2.3:a:apple:apple_remote_desktop:3.5.2:::::::*
apple	apple_remote_desktop	3.5.3	cpe:2.3:a:apple:apple_remote_desktop:3.5.3:::::::*
apple	apple_remote_desktop	3.6.0	cpe:2.3:a:apple:apple_remote_desktop:3.6.0:::::::*