Vulnerability Details CVE-2014-5195
Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.9%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.osvdb.org/109788
- http://www.securityfocus.com/bid/68987
- http://www.ubuntu.com/usn/USN-2303-1
- https://bugs.launchpad.net/unity/7.2/+bug/1349128
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95199
- http://www.osvdb.org/109788
- http://www.securityfocus.com/bid/68987
- http://www.ubuntu.com/usn/USN-2303-1
- https://bugs.launchpad.net/unity/7.2/+bug/1349128
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95199
Products affected by CVE-2014-5195
-
cpe:2.3:a:ayatana_project:unity:7.0.0
-
cpe:2.3:a:ayatana_project:unity:7.0.1
-
cpe:2.3:a:ayatana_project:unity:7.1.0
-
cpe:2.3:a:ayatana_project:unity:7.1.1
-
cpe:2.3:a:ayatana_project:unity:7.1.2
-
cpe:2.3:a:ayatana_project:unity:7.1.3
-
cpe:2.3:a:ayatana_project:unity:7.2.0
-
cpe:2.3:a:ayatana_project:unity:7.2.1
-
cpe:2.3:a:ayatana_project:unity:7.3.0
-
cpe:2.3:o:canonical:ubuntu_linux:14.04