CVE-2013-5136 — Sensitive Information Exposure in Apple Remote Desktop

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 49.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Remote Desktop

Timeline

PublishedOct 24

Latest updateMay 14

Description

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/apple_remote_desktop3.6.2+16

🔴Vulnerability Details

GHSA

GHSA-3v83-p792-64c4: Apple Remote Desktop before 3↗2022-05-14

▶

CVEList

CVE-2013-5136: Apple Remote Desktop before 3↗2013-10-24

▶