- Description
- Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-362
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06405E5B-496D-48F7-9B01-61E4B38857DC",
"versionEndIncluding": "7.2.2"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "993D6701-1899-4758-A3DB-50AA9AD9EC73"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4700B93F-776C-4040-B61B-374B16FCBA96"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DC6342E-B85C-4870-ADAE-5FD53A973C3D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]