CVE-2011-5117

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
Race Condition
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 6.9 UNKNOWN | LOCAL | MEDIUM | | AV:L/AC:M/Au:N/C:C/I:C/A:C
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score percentile: 10%
Vendor | Product | Version
sophos | safeguard_enterprise_device_encryption | 5.6
sophos | safeguard_enterprise_device_encryption | 5.35.0
sophos | safeguard_enterprise_device_encryption | 5.35.1
sophos | safeguard_enterprise_device_encryption | 5.35.2
sophos | safeguard_enterprise_device_encryption | 5.35.3
sophos | safeguard_enterprise_device_encryption | 5.40.0
sophos | safeguard_enterprise_device_encryption | 5.50.0
sophos | safeguard_enterprise_device_encryption | 5.50.1
sophos | safeguard_enterprise_device_encryption | 5.50.8
sophos | safeguard_easy_device_encryption_client | 5.50.0
sophos | safeguard_easy_device_encryption_client | 5.50.1
sophos | safeguard_easy_device_encryption_client | 5.50.8
sophos | disk_encryption | 5.50.0
sophos | disk_encryption | 5.50.1
sophos | disk_encryption | 5.50.8
𝑥 = Vulnerable software versions