Lucene search

[email protected]CVE-2018-6853

HistoryJul 09, 2018 - 6:29 p.m.

CVE-2018-6853

2018-07-0918:29:00

CWE-119

[email protected]

web.nvd.nist.gov

sophos

safeguard

enterprise

safeguard easy

safeguard lan crypt

vulnerability

local privilege escalation

ioctl 0x80206024

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CPENameOperatorVersion
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.95.1
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.90.2
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq8.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq7.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.10
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00.1
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.00
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.10
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq7.00

CPE	Name	Operator	Version
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.95.1
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.90.2
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	8.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	7.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.10
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00.1
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.00
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.10
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	7.00

Rows per page:

1-10 of 121

References

seclists.org/fulldisclosure/2018/Jul/20

community.sophos.com/kb/en-us/131934

labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2018-6853

prion1 cvelist1 openvas1