CVE-2018-3970 - Information Leak / Disclosure vulnerability in Sophos HitmanPro.Alert 3.7.6.744

Publication

2018-10-25

Last modification

2019-01-25

Summary

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Description

Sophos HitmanPro.Alert is prone to the following security vulnerabilities:

  1. An information-disclosure vulnerability
  2. A local privilege-escalation vulnerability

An attacker can leverage these issues to obtain sensitive information and gain elevated privileges. Failed exploit attempts may result in a denial-of-service condition. Sophos HitmanPro.Alert 3.7.6.744 is vulnerable; other versions may also be affected.

Solution

Updates are available. Please see the references or vendor advisory for more information.

Exploit

Exploit code is available; please see the references for more information.

Classification

CWE-200 - Information Leak / Disclosure

Risk level (CVSS AV:L/AC:L/Au:N/C:P/I:N/A:N)

Low

2.1

Access Vector

  • Local

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • None

Affected Products

Vendor  Product          Versions
Sophos  HitmanPro.Alert  3.7.6.744