Apple OS X Profile Manager Device Management Private Interface Managed Device Enumeration

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

Apple Profile Manager provides the list of managed devices to
unauthenticated clients.

Description :

Profile Manager on Apple OS X Server before 10.7.5 does not properly
perform authentication for the Device Management private interface,
which allows attackers to enumerate managed devices via unspecified

See also :

Solution :

Upgrade to Apple OS X Server 10.7.5 / 10.8.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Mobile Devices

Nessus Plugin ID: 65676 ()

Bugtraq ID: 56247

CVE ID: CVE-2012-3721