| Vulnerability Name: | CVE-2014-2005 (CCN-94034) | ||||||||||||
| Assigned: | 2014-06-24 | ||||||||||||
| Published: | 2014-06-24 | ||||||||||||
| Updated: | 2019-09-27 | ||||||||||||
| Summary: | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | ||||||||||||
| CVSS v3 Severity: | 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-287 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2014-2005 Source: CCN Type: JVN#63940326 Sophos Disk Encryption vulnerable to authentication bypass Source: JVN Type: Third Party Advisory, VDB Entry JVN#63940326 Source: JVNDB Type: Third Party Advisory, VDB Entry JVNDB-2014-000061 Source: BID Type: Third Party Advisory, VDB Entry 68169 Source: CCN Type: BID-68169 Sophos Enterprise Console Local Authentication Bypass Vulnerability Source: CCN Type: Sophos Knowledgebase 121066 Issue with Sophos Disk Encryption when managed from Sophos Enterprise Console potentially missing authentication step when resuming a laptop from sleep mode Source: CONFIRM Type: Vendor Advisory http://www.sophos.com/en-us/support/knowledgebase/121066.aspx Source: XF Type: UNKNOWN sophos-cve20142005-sec-bypass(94034) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||