Details of VAR-201310-0495

ID

VAR-201310-0495

CVE

CVE-2013-5136

TITLE

Apple Remote Desktop Vulnerability where important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-004867

DESCRIPTION

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. Apple Remote Desktop is prone to an information-disclosure vulnerability. A remote man-in-the-middle attacker can exploit this issue to disclose potentially sensitive information. Information obtained may aid in further attacks. The system supports software distribution, resource management and remote assistance, etc

Trust: 1.98

sources: NVD: CVE-2013-5136 // JVNDB: JVNDB-2013-004867 // BID: 63286 // VULHUB: VHN-65138

AFFECTED PRODUCTS

vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2.2	Trust: 1.9
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2.1	Trust: 1.9
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.1	Trust: 1.9
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3.1	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.4	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.0.0	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.4	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.6	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.3	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	lte	version:	3.6.2	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.0	Trust: 0.9
vendor:	apple	model:	remote desktop	scope:	lt	version:	3.x	Trust: 0.8
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.7	Trust: 0.8
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.6.2	Trust: 0.6

sources: BID: 63286 // JVNDB: JVNDB-2013-004867 // CNNVD: CNNVD-201310-572 // NVD: CVE-2013-5136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5136
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5136
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-572
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65138
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5136
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65138
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65138 // JVNDB: JVNDB-2013-004867 // CNNVD: CNNVD-201310-572 // NVD: CVE-2013-5136

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-65138 // JVNDB: JVNDB-2013-004867 // NVD: CVE-2013-5136

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-572

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201310-572

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004867

PATCH

title:	APPLE-SA-2013-10-22-7	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html	Trust: 0.8
title:	HT5998	url:	http://support.apple.com/kb/HT5998	Trust: 0.8
title:	HT5998	url:	http://support.apple.com/kb/HT5998?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004867

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5136	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004867	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-572	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-7	Trust: 0.6
db:	BID	id:	63286	Trust: 0.4
db:	VULHUB	id:	VHN-65138	Trust: 0.1

sources: VULHUB: VHN-65138 // BID: 63286 // JVNDB: JVNDB-2013-004867 // CNNVD: CNNVD-201310-572 // NVD: CVE-2013-5136

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00008.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5136	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5136	Trust: 0.8
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3

sources: VULHUB: VHN-65138 // BID: 63286 // JVNDB: JVNDB-2013-004867 // CNNVD: CNNVD-201310-572 // NVD: CVE-2013-5136

CREDITS

Mark S. C. Smith studying at Central Connecticut State University

Trust: 0.3

sources: BID: 63286

SOURCES

db:	VULHUB	id:	VHN-65138
db:	BID	id:	63286
db:	JVNDB	id:	JVNDB-2013-004867
db:	CNNVD	id:	CNNVD-201310-572
db:	NVD	id:	CVE-2013-5136

LAST UPDATE DATE

2025-04-11T22:09:03.530000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65138	date:	2018-10-30T00:00:00
db:	BID	id:	63286	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004867	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-572	date:	2013-11-08T00:00:00
db:	NVD	id:	CVE-2013-5136	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65138	date:	2013-10-24T00:00:00
db:	BID	id:	63286	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004867	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-572	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5136	date:	2013-10-24T03:48:48.893