CVE-2011-3212

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.

References

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://osvdb.org/76362

http://support.apple.com/kb/HT5002

http://support.apple.com/kb/HT5281

http://www.securityfocus.com/bid/50085

Details

Source: MITRE

Published: 2011-10-14

Updated: 2012-05-12

Type: CWE-310

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
6482Mac OS X 10.7 < 10.7.4 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
59066Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
6039Mac OS X 10.7 < 10.7.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
56480Mac OS X 10.7.x < 10.7.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical