CVE-2014-3204
Severity Score
4.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
Unity anterior a 7.2.1, utilizado en Ubuntu 14.04, no maneja debidamente accesos directos de teclado, lo que permite a atacantes físicamente próximos evadir la pantalla de bloqueo y ejecutar comandos arbitrarios, tal y como fue demostrado presionando el botón derecho en la barra de indicador y posteriormente presionando las teclas ALT y F2.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-03 CVE Reserved
- 2014-05-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/04/29/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2014/05/03/1 | Mailing List |
|
| http://www.securityfocus.com/bid/67117 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-2184-1 | 2014-05-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | <= 7.2.0 Search vendor "Ayatana Project" for product "Unity" and version " <= 7.2.0" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.0.0 Search vendor "Ayatana Project" for product "Unity" and version "7.0.0" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.0.1 Search vendor "Ayatana Project" for product "Unity" and version "7.0.1" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.1.0 Search vendor "Ayatana Project" for product "Unity" and version "7.1.0" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.1.1 Search vendor "Ayatana Project" for product "Unity" and version "7.1.1" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.1.2 Search vendor "Ayatana Project" for product "Unity" and version "7.1.2" | - |
Affected
| ||||||
| Ayatana Project Search vendor "Ayatana Project" | Unity Search vendor "Ayatana Project" for product "Unity" | 7.1.3 Search vendor "Ayatana Project" for product "Unity" and version "7.1.3" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||