
CVE-2018-6855

2018-07-09 18:29:00
CWE-119
mitre
web.nvd.nist.gov
23
sophos
safeguard
enterprise
safeguard easy
safeguard lan crypt
local privilege escalation
vulnerability
security
exploit
nvd

CVSS2: 7.2

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

Affected configurations

Nvd

Node (entries combined with OR):

sophos safeguard_easy_device_encryption_client, match 6.00
sophos safeguard_easy_device_encryption_client, match 6.10
sophos safeguard_easy_device_encryption_client, match 7.00
sophos safeguard_enterprise_client, match 5.60.3 vs-nfd
sophos safeguard_enterprise_client, match 6.00
sophos safeguard_enterprise_client, match 6.00.1
sophos safeguard_enterprise_client, match 6.10
sophos safeguard_enterprise_client, match 7.00
sophos safeguard_enterprise_client, match 8.00
sophos safeguard_lan_crypt_client, match 3.90.1 ts
sophos safeguard_lan_crypt_client, match 3.90.2
sophos safeguard_lan_crypt_client, match 3.95.1
sophos safeguard_lan_crypt_client, match 3.95.1 ts

Vendor | Product | Version | CPE
sophos | safeguard_easy_device_encryption_client | 6.00 | cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:6.00:*:*:*:*:*:*:*
sophos | safeguard_easy_device_encryption_client | 6.10 | cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:6.10:*:*:*:*:*:*:*
sophos | safeguard_easy_device_encryption_client | 7.00 | cpe:2.3:a:sophos:safeguard_easy_device_encryption_client:7.00:*:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 5.60.3 | cpe:2.3:a:sophos:safeguard_enterprise_client:5.60.3:vs-nfd:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 6.00 | cpe:2.3:a:sophos:safeguard_enterprise_client:6.00:*:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 6.00.1 | cpe:2.3:a:sophos:safeguard_enterprise_client:6.00.1:*:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 6.10 | cpe:2.3:a:sophos:safeguard_enterprise_client:6.10:*:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 7.00 | cpe:2.3:a:sophos:safeguard_enterprise_client:7.00:*:*:*:*:*:*:*
sophos | safeguard_enterprise_client | 8.00 | cpe:2.3:a:sophos:safeguard_enterprise_client:8.00:*:*:*:*:*:*:*
sophos | safeguard_lan_crypt_client | 3.90.1 | cpe:2.3:a:sophos:safeguard_lan_crypt_client:3.90.1:ts:*:*:*:*:*:*