Lucene search

[email protected]CVE-2018-6851

HistoryJul 09, 2018 - 6:29 p.m.

CVE-2018-6851

2018-07-0918:29:00

CWE-119

[email protected]

web.nvd.nist.gov

sophos

safeguard

enterprise

safeguard easy

safeguard lan crypt

local privilege escalation

ioctl

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CPENameOperatorVersion
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.95.1
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.90.2
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq8.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq7.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.10
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00.1
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.00
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.10
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq7.00

CPE	Name	Operator	Version
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.95.1
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.90.2
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	8.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	7.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.10
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00.1
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.00
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.10
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	7.00

Rows per page:

1-10 of 121

References

seclists.org/fulldisclosure/2018/Jul/20

community.sophos.com/kb/en-us/131934

labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2018-6851

cvelist1 prion1 openvas1