Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-5117

Опубликовано: 24 авг. 2012
Источник: nvd
CVSS2: 6.9
EPSS Низкий

Описание

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.6:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.35.3:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.40.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_enterprise_device_encryption:5.50.8:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:5.50.8:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:sophos:disk_encryption:5.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:disk_encryption:5.50.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:disk_encryption:5.50.8:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00103
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

github логотип

GHSA-r9fg-3g6m-68g9

github
больше 3 лет назад

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

EPSS

Процентиль: 29%
0.00103
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-362