Vulnerability Description
Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ayatana Project | Unity | <= 7.2.2 |
| Canonical | Ubuntu Linux | 14.04 |
References
- http://www.osvdb.org/109788
- http://www.securityfocus.com/bid/68987
- http://www.ubuntu.com/usn/USN-2303-1
- https://bugs.launchpad.net/unity/7.2/+bug/1349128
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95199
FAQ
What is CVE-2014-5195?
CVE-2014-5195 is a vulnerability with a CVSS score of 7.2 (HIGH). Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the ...
How severe is CVE-2014-5195?
CVE-2014-5195 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5195?
Check the references section above for vendor advisories and patch information. Affected products include: Ayatana Project Unity, Canonical Ubuntu Linux.