CVE-2018-4863 - Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism

CVE-2018-4863

Summary

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.

References

http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt
http://seclists.org/fulldisclosure/2018/Apr/6
https://www.exploit-db.com/exploits/44410/

Vulnerable Configurations

cpe:2.3:a:sophos:endpoint_protection:10.7:*:*:*:*:*:*:*
cpe:2.3:a:sophos:endpoint_protection:10.7:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-05-2018 - 15:32)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

exploit-db	44410
fulldisc	20180403 CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass
misc	http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt

Last major update

18-05-2018 - 15:32

Published

05-04-2018 - 17:29

Last modified

18-05-2018 - 15:32