Vulnerability Details: CVE-2014-3431
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-3431
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2014-3431
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P | 3.1 | 6.4 | NIST |
CWE ids for CVE-2014-3431
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3431
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
  Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling (Vendor Advisory)
- http://secunia.com/advisories/59421
- http://www.securitytracker.com/id/1030454
  Symantec Encryption Desktop for OS X Installation File Permissions Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
- http://www.securityfocus.com/bid/68077
  Symantec Encryption Desktop for OS X CVE-2014-3431 Insecure File Permissions Vulnerability
Products affected by CVE-2014-3431
- cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*
- cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*
- cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*
- cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*