| Vulnerability Name: | CVE-2014-5195 (CCN-95199) |
| Assigned: | 2014-07-27 |
| Published: | 2014-07-27 |
| Updated: | 2017-09-08 |
| Summary: | Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension. |
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C); 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C); 1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-362 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE Type: CNA CVE-2014-5195; Source: OSVDB Type: UNKNOWN 109788; Source: CCN Type: OSVDB ID: 109788 Ubuntu Unity Underlying Window Keyboard Focus Screenlock Bypass; Source: BID Type: UNKNOWN 68987; Source: CCN Type: BID-68987 Ubuntu 'Unity' Package Lock Screen Local Security Bypass Vulnerability; Source: UBUNTU Type: UNKNOWN USN-2303-1; Source: CCN Type: Ubuntu Bug #1349128 Ubuntu 14.04 lock screen doesn't accept keyboard input and sends it back to the underlying window (until using indicators); Source: CONFIRM Type: UNKNOWN https://bugs.launchpad.net/unity/7.2/+bug/1349128; Source: XF Type: UNKNOWN ubuntu-unity-screenlock-sec-bypass(95199) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |