CVE-2014-3203 : Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access t

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.

Published 2014-05-06 14:55:06

Updated 2014-05-07 14:09:33

Source Canonical Ltd.

View at NVD, CVE.org

Products affected by CVE-2014-3203

Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Ayatana Project » Unity
Versions up to, including, (<=) 7.2.0
cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.1.3
cpe:2.3:a:ayatana_project:unity:7.1.3:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.1.2
cpe:2.3:a:ayatana_project:unity:7.1.2:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.1.0
cpe:2.3:a:ayatana_project:unity:7.1.0:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.0.0
cpe:2.3:a:ayatana_project:unity:7.0.0:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.1.1
cpe:2.3:a:ayatana_project:unity:7.1.1:*:*:*:*:*:*:*
Matching versions
Ayatana Project » Unity » Version: 7.0.1
cpe:2.3:a:ayatana_project:unity:7.0.1:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-3203

Top countries where our scanners detected CVE-2014-3203

Top open port discovered on systems with this issue 8200

IPs affected by CVE-2014-3203 8

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-3203!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-3203

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3203

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-3203

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3203

http://ubuntu.com/usn/usn-2184-1

USN-2184-1: Unity vulnerabilities | Ubuntu security notices
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/05/03/1

oss-security - Re: Ubuntu 14.04: security problem in the lock screen

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/04/29/2

oss-security - Re: Ubuntu 14.04: security problem in the lock screen

CVEs referencing this url
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850

Bug #1308850 “Dash is visible on top of the lockscreen after scr...” : Bugs : unity package : Ubuntu
Exploit