CVE-2012-0681Apple Remote Desktop vulnerability

CWE-3103 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 34.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Remote Desktop
Timeline
PublishedAug 22
Latest updateMay 17

Description

Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/apple_remote_desktop3.5.2, 3.5.3, 3.6.0+2

🔴Vulnerability Details

2
GHSA
GHSA-5j5w-v5qv-67gx: Apple Remote Desktop before 32022-05-17
CVEList
CVE-2012-0681: Apple Remote Desktop before 32012-08-22
CVE-2012-0681 — Apple Remote Desktop vulnerability | cvebase