CVE-2014-3204

Published May 6, 2014

Last updated 11 years ago

Overview

Description: Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
Source: security@ubuntu.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1170F9BB-9FFB-407F-B8D3-F8417383021F",
            "versionEndIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "982E87CF-26D7-4D2F-AA5F-57798C2F4D33"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5CD4318-783D-4428-815B-DD2C6F912C3F"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2562307E-490C-485E-9C1A-4A569565270F"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35E3A65D-6F6F-4457-A836-89A54CEDB9D9"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A052C0C4-4408-4014-AE8F-F894AB04BF1F"
          },
          {
            "criteria": "cpe:2.3:a:ayatana_project:unity:7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07D5E8C8-34DD-4EA0-B686-2088F5C11122"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References