CVE-2014-2005
medium
CVSS v3
6.8
CVSS v2
6.9
VIR risk
6.8
Description
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.
Predictions
Exploit likelihood
67%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — http://www.sophos.com/en-us/support/knowledgebase/121066.aspx
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sophos | enterprise_console | {"endIncluding":"5.2.1"} | |
| sophos | enterprise_console | 5.1 | |
| sophos | enterprise_console | 5.2 | |
| sophos | enterprise_console | 5.2.1 | |
References
- http://jvn.jp/en/jp/JVN63940326/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061
- http://www.securityfocus.com/bid/68169
- http://www.sophos.com/en-us/support/knowledgebase/121066.aspx
- http://jvn.jp/en/jp/JVN63940326/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061
- http://www.securityfocus.com/bid/68169
- http://www.sophos.com/en-us/support/knowledgebase/121066.aspx
CWEs
CWE-287
Verify integrity in audit chain (admin only). AS-IS.