CCE-85422-4| Platform: cpe:/o:apple:mac_os_11 | Date: (C)2022-12-28 (M)2023-07-04 |
The main use case for Mac computers is as mobile user endpoints. P2P sharing services should not be enabled on laptops that are using untrusted networks. Content Caching can allow a computer to be a server for local nodes on an untrusted network. While there are certainly logical controls that could be used to mitigate risk they add to the management complexity, since the value of the service is in specific use cases organizations with the use case described above can accept risk as necessary.
Fix:
AssetCacheManagerUtil deactivate
Parameter:
[yes/no]
Technical Mechanism:
AssetCacheManagerUtil deactivate
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 9.9 | Attack Vector: NETWORK |
| Exploit Score: 3.1 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80361 |
