Lucene search

[email protected]NVD:CVE-2018-3970

HistoryOct 25, 2018 - 6:29 p.m.

CVE-2018-3970

2018-10-2518:29:00

CWE-908

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Affected configurations

Nvd

Node

sophoshitmanpro.alertMatch3.7.6.744

VendorProductVersionCPE
sophoshitmanpro.alert3.7.6.744cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sophos	hitmanpro.alert	3.7.6.744	cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:::::::*

References

www.securityfocus.com/bid/105743

www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

Related for NVD:CVE-2018-3970

talos1 cvelist1 cve1 prion1 talosblog1 openvas1