CVE-2014-4432

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.9.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://www.securityfocus.com/bid/70632
http://www.securitytracker.com/id/1031063
https://exchange.xforce.ibmcloud.com/vulnerabilities/97637
https://support.apple.com/kb/HT6535
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://www.securityfocus.com/bid/70632
http://www.securitytracker.com/id/1031063
https://exchange.xforce.ibmcloud.com/vulnerabilities/97637
https://support.apple.com/kb/HT6535