Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-5117

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Published

2012-08-24T10:36:42.067

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-362
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sophos safeguard_enterprise_device_encryption 5.6 Yes
Application sophos safeguard_enterprise_device_encryption 5.35.0 Yes
Application sophos safeguard_enterprise_device_encryption 5.35.1 Yes
Application sophos safeguard_enterprise_device_encryption 5.35.2 Yes
Application sophos safeguard_enterprise_device_encryption 5.35.3 Yes
Application sophos safeguard_enterprise_device_encryption 5.40.0 Yes
Application sophos safeguard_enterprise_device_encryption 5.50.0 Yes
Application sophos safeguard_enterprise_device_encryption 5.50.1 Yes
Application sophos safeguard_enterprise_device_encryption 5.50.8 Yes
Application sophos safeguard_easy_device_encryption_client 5.50.0 Yes
Application sophos safeguard_easy_device_encryption_client 5.50.1 Yes
Application sophos safeguard_easy_device_encryption_client 5.50.8 Yes
Application sophos disk_encryption 5.50.0 Yes
Application sophos disk_encryption 5.50.1 Yes
Application sophos disk_encryption 5.50.8 Yes
References