Denial of Service Vulnerability in Sophos Tester Tool by Sophos
CVE-2018-6319
5.5 MEDIUM
What is CVE-2018-6319?
Sophos Tester Tool 3.2.0.7 Beta contains a driver that accepts a special DeviceIoControl code without verifying its arguments. Passing a NULL pointer or an invalid memory address with that code crashes the system (Blue Screen of Death). If malicious software triggers this vulnerability during the boot process, it can cause an ongoing denial of service, rendering the machine inoperable.
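What verifying the arguments involves, as an added example in portable C rather than code from Sophos or from the original page: a user-mode model of the checks an IOCTL handler makes before it dereferences a caller-supplied pointer. The function name, the limits and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model values; none are taken from the Sophos driver. */
#define USER_ADDR_LIMIT 0x00007FFFFFFF0000ULL /* assumed top of user space */
#define REQ_MIN_LEN     16u                   /* assumed request size */
#define REQ_ALIGN       4u                    /* assumed alignment */

typedef enum {
    ARGS_OK, ARGS_NULL, ARGS_TOO_SHORT, ARGS_MISALIGNED, ARGS_BAD_RANGE
} args_status;

/* Checks to pass before a handler touches a caller-supplied buffer.
 * addr/len model the pointer and length handed in with the control code. */
args_status check_ioctl_args(uint64_t addr, uint64_t len)
{
    if (addr == 0)
        return ARGS_NULL;                 /* the NULL-pointer case */
    if (len < REQ_MIN_LEN)
        return ARGS_TOO_SHORT;            /* cannot hold the request */
    if (addr % REQ_ALIGN != 0)
        return ARGS_MISALIGNED;
    if (addr + len < addr)
        return ARGS_BAD_RANGE;            /* addr + len wraps around */
    if (addr + len > USER_ADDR_LIMIT)
        return ARGS_BAD_RANGE;            /* reaches outside user space */
    return ARGS_OK;
}

int main(void)
{
    /* Constructed sample arguments. */
    static const struct { uint64_t addr, len; } samples[] = {
        { 0x0ULL, 16 },                    /* NULL pointer */
        { 0x10000ULL, 8 },                 /* short buffer */
        { 0xFFFFF80000000000ULL, 16 },     /* kernel-range address */
        { 0xFFFFFFFFFFFFFFF0ULL, 32 },     /* wrapping range */
        { 0x10000ULL, 16 },                /* acceptable */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("addr=0x%llx len=%llu -> %d\n",
               (unsigned long long)samples[i].addr,
               (unsigned long long)samples[i].len,
               (int)check_ioctl_args(samples[i].addr, samples[i].len));
    return 0;
}
```

A range check does not prove the pages are mapped, so in a real Windows driver the probe and the access that follows also belong inside a structured exception handler.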