CVE-2011-3462

2012-02-0218:55:01

apple

web.nvd.nist.gov

cve-2011-3462

apple

mac os x

time machine

afp

time capsule

spoofing

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.7.2

applemac_os_xMatch10.7.0

applemac_os_xMatch10.7.1

applemac_os_x_serverRange≤10.7.2

applemac_os_x_serverMatch10.7.0

applemac_os_x_serverMatch10.7.1

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.7.0cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
applemac_os_x10.7.1cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
applemac_os_x_server*cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
applemac_os_x_server10.7.0cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
applemac_os_x_server10.7.1cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x	10.7.0	cpe:2.3:o:apple:mac_os_x:10.7.0:::::::*
apple	mac_os_x	10.7.1	cpe:2.3:o:apple:mac_os_x:10.7.1:::::::*
apple	mac_os_x_server	*	cpe:2.3:o:apple:mac_os_x_server::::::::
apple	mac_os_x_server	10.7.0	cpe:2.3:o:apple:mac_os_x_server:10.7.0:::::::*
apple	mac_os_x_server	10.7.1	cpe:2.3:o:apple:mac_os_x_server:10.7.1:::::::*