Vulnerability Description
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | SafeGuard Enterprise Device Encryption | 5.6 |
| Sophos | SafeGuard Easy Device Encryption Client | 5.50.0 |
| Sophos | Disk Encryption | 5.50.0 |
Related Weaknesses (CWE)
References
- http://www.sophos.com/en-us/support/knowledgebase/112655.aspx (Patch, Vendor Advisory)
FAQ
What is CVE-2011-5117?
CVE-2011-5117 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-...
How severe is CVE-2011-5117?
CVE-2011-5117 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5117?
Check the references section above for vendor advisories and patch information. Affected products include: Sophos SafeGuard Enterprise Device Encryption, Sophos SafeGuard Easy Device Encryption Client, Sophos Disk Encryption.