Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin installed that is
affected by a man-in-the-middle vulnerability.

Description :

The version of Adobe AIR installed on the remote Windows host is prior
or equal to version 22.0.0.153. It is, therefore, affected by a
man-in-the-middle (MitM) vulnerability due to the cleartext
transmission of runtime analytics for AIR applications on Android. A
MitM attacker can exploit this to disclose or tamper with the runtime
analytics.

Note that Nessus has not tested for this issues but has instead relied
only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/air/apsb16-31.html

Solution :

Upgrade to Adobe AIR version 23.0.0.257 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 93523 ()

Bugtraq ID: 92926

CVE ID: CVE-2016-6936

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now