CVE-2014-5195
Published Aug 7, 2014
Last updated 7 years ago
Overview
- Description
- Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-362
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06405E5B-496D-48F7-9B01-61E4B38857DC",
"versionEndIncluding": "7.2.2"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "993D6701-1899-4758-A3DB-50AA9AD9EC73"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4700B93F-776C-4040-B61B-374B16FCBA96"
},
{
"criteria": "cpe:2.3:a:ayatana_project:unity:7.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DC6342E-B85C-4870-ADAE-5FD53A973C3D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]