CVE-2010-1377Apple MAC OS X vulnerability

CWE-3103 documents3 sources
Severity
9.3CRITICALNVD
EPSS
1.0%
top 22.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedJun 17
Latest updateMay 2

Description

Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x4 versions+3
NVDapple/mac_os_x_server4 versions+3

Patches

Patch: support.apple.comPatch: www.securityfocus.comPatch: support.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-96mv-5vmp-38xx: Open Directory in Apple Mac OS X 102022-05-02
CVEList
CVE-2010-1377: Open Directory in Apple Mac OS X 102010-06-17
CVE-2010-1377 — Apple MAC OS X vulnerability | cvebase