Denial of Service Vulnerability in Sophos Tester Tool by Sophos
CVE-2018-6319
5.5 MEDIUM
Summary
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code without verifying its arguments. Passing a NULL pointer or an invalid memory address with that code crashes the system (Blue Screen of Death). If malicious software triggers the vulnerability during the boot process, it can cause an ongoing denial of service, rendering the machine inoperable.
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved