Vulnerabilities > Sophos > Endpoint Protection

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2020-9363 Interpretation Conflict vulnerability in Sophos products
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive.
network
sophos CWE-436
6.8
2018-04-05 CVE-2018-9233 Use of Password Hash With Insufficient Computational Effort vulnerability in Sophos Endpoint Protection 10.7
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
local
low complexity
sophos CWE-916
2.1
2018-04-05 CVE-2018-4863 7PK - Security Features vulnerability in Sophos Endpoint Protection 10.7
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
local
low complexity
sophos CWE-254
2.1