CVE-2018-3971 - Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744

Publication

2018-10-25

Last modification

2019-01-25

Summary

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption. An attacker can send an IRP request to trigger this vulnerability.

Description

Sophos HitmanPro.Alert is prone to the following security vulnerabilities:

  1. An information-disclosure vulnerability
  2. A local privilege-escalation vulnerability

An attacker can leverage these issues to obtain sensitive information and gain elevated privileges. Failed exploit attempts may result in a denial-of-service condition. Sophos HitmanPro.Alert 3.7.6.744 is vulnerable; other versions may also be affected.

Solution

Updates are available. Please see the references or vendor advisory for more information.

Exploit

Exploit code is available; please see the references for more information.

Classification

CWE-123 - Write-what-where Condition

Risk level (CVSS AV:L/AC:L/Au:N/C:C/I:C/A:C)

High

7.2

Access Vector

  • Local

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor Product Versions
Sophos Hitmanpro.Alert  3.7.6.744