CVE-2012-4736
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations.
El componente Device Encryption Client en Sophos SafeGuard Enterprise 6.0 cuando una política de cifrado volume-based es habilitada en conjunción con una clave user-defined, no bloquea el acceso adecuadamente a dispositivos USB exFAT, lo que hace más fácil para usuarios locales evitar restricciones de acceso establecidas y copiar información sensible en un disco a través de múltiples operaciones de removal y reattach.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-08-29 CVE Reserved
- 2012-08-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78580 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sophos Search vendor "Sophos" | Safeguard Enterprise Search vendor "Sophos" for product "Safeguard Enterprise" | 6.0 Search vendor "Sophos" for product "Safeguard Enterprise" and version "6.0" | - |
Affected
| ||||||