CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.7 | $0-$5k | 0.00 |
A vulnerability was found in Ayatana Unity up to 7.2.0. It has been classified as problematic. Affected is an unknown function of the component Lock Screen. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.
The weakness was shared 05/06/2014 (Website). The advisory is available at bugs.launchpad.net. This vulnerability is traded as CVE-2014-3203 since 05/03/2014. Local access is required to approach this attack. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 195462 (Ubuntu Security Notification for Unity Vulnerabilities (USN-2184-1)).
Upgrading to version 7.1.0 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (93066). The entry 13152 is related to this item.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Unity 7.1.0
Timeline
04/17/2014 🔍05/03/2014 🔍
05/06/2014 🔍
05/06/2014 🔍
07/23/2014 🔍
03/25/2015 🔍
03/21/2022 🔍
Sources
Advisory: usn-2184-1Status: Not defined
Confirmation: 🔍
CVE: CVE-2014-3203 (🔍)
X-Force: 93066
Vulnerability Center: 45588 - Unity <7.2.1 Local Security Bypass and Code Execution due to Improper Access to Dash in Locked Screen, Medium
OSVDB: 106422
See also: 🔍
Entry
Created: 03/25/2015 16:45Updated: 03/21/2022 08:47
Changes: 03/25/2015 16:45 (57), 06/03/2017 07:25 (3), 03/21/2022 08:43 (3), 03/21/2022 08:47 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.