CVE-2021-25269

4.4MEDIUM

Key Information:

Vendor: Sophos
Status: Intercept X Advanced; Intercept X Advanced For Server; Sophos Exploit Prevention
Vendor: CVE Published:; 26 November 2021

Summary

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

Affected Version(s)

Intercept X Advanced < 2.0.23

Intercept X Advanced for Server < 2.0.23

Sophos Exploit Prevention < 3.8.3

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2021
Vulnerability Reserved
Jan 15, 2021

Collectors

NVD DatabaseMitre Database

Credit

Andrea Intilangelo

Florian Hansemann