CVE-2011-5117 : Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos Safe

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Published 2012-08-24 10:36:42

Updated 2012-08-24 16:30:29

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2011-5117

Sophos » Safeguard Enterprise Device Encryption » Version: 5.50.8
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.8:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.50.0
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.0:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.40.0
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.40.0:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.35.3
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.3:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.35.2
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.2:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.35.1
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.1:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.6
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.6:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.50.1
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.1:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Enterprise Device Encryption » Version: 5.35.0
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.0:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Easy Device Encryption Client » Version: 5.50.1
cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.1:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Easy Device Encryption Client » Version: 5.50.8
cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.8:*:*:*:*:*:*:*
Matching versions
Sophos » Safeguard Easy Device Encryption Client » Version: 5.50.0
cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.0:*:*:*:*:*:*:*
Matching versions
Sophos » Disk Encryption » Version: 5.50.0
cpe:2.3:a:sophos:disk_encryption:5.50.0:*:*:*:*:*:*:*
Matching versions
Sophos » Disk Encryption » Version: 5.50.1
cpe:2.3:a:sophos:disk_encryption:5.50.1:*:*:*:*:*:*:*
Matching versions
Sophos » Disk Encryption » Version: 5.50.8
cpe:2.3:a:sophos:disk_encryption:5.50.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-5117

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-5117

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-5117

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-5117

http://www.sophos.com/en-us/support/knowledgebase/112655.aspx

Sophos Community
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2011-5117

Products affected by CVE-2011-5117

Exploit prediction scoring system (EPSS) score for CVE-2011-5117

CVSS scores for CVE-2011-5117

CWE ids for CVE-2011-5117

References for CVE-2011-5117