CVE-2018-6318 - Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 | Vumetric Cyber Portal

CVE-2018-6318 - Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7

Publication

2018-02-02

Last modification

2018-02-15

Summary

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.

Classification

CWE-426 - Untrusted Search Path

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor | Product | Versions
Sophos | Sophos Tester | 3.2.0.7