Denial of Service Vulnerability in Sophos Tester Tool by Sophos
CVE-2018-6319

5.5 MEDIUM

Key Information:

Vendor: Sophos
CVE Published: 2 February 2018

Summary

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code without verifying its arguments. When a NULL pointer or an invalid memory address is passed with that code, the system crashes (Blue Screen of Death). If malicious software triggers this vulnerability during the boot process, it can cause an ongoing denial of service, rendering the machine inoperable.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
