Lucene search

[email protected]CVE-2018-6857

HistoryJul 09, 2018 - 6:29 p.m.

CVE-2018-6857

2018-07-0918:29:00

CWE-119

[email protected]

web.nvd.nist.gov

sophos

safeguard enterprise

safeguard easy

safeguard lan crypt

vulnerability

local privilege escalation

cve-2018-6857

security

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

CPENameOperatorVersion
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.95.1
sophos:safeguard_lan_crypt_clientsophos safeguard lan crypt clienteq3.90.2
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq8.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq7.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.10
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00
sophos:safeguard_enterprise_clientsophos safeguard enterprise clienteq6.00.1
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.00
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq6.10
sophos:safeguard_easy_device_encryption_clientsophos safeguard easy device encryption clienteq7.00

CPE	Name	Operator	Version
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.95.1
sophos:safeguard_lan_crypt_client	sophos safeguard lan crypt client	eq	3.90.2
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	8.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	7.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.10
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00
sophos:safeguard_enterprise_client	sophos safeguard enterprise client	eq	6.00.1
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.00
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	6.10
sophos:safeguard_easy_device_encryption_client	sophos safeguard easy device encryption client	eq	7.00

Rows per page:

1-10 of 121

References

seclists.org/fulldisclosure/2018/Jul/20

community.sophos.com/kb/en-us/131934

labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2018-6857

prion1 cvelist1 openvas1