CVE-2018-6855

Name of the Vulnerable Software and Affected Versions Sophos SafeGuard Enterprise versions prior to 8.00.5 Sophos SafeGuard Easy versions prior to 7.00.3 Sophos SafeGuard LAN Crypt versions prior to 3.95.2

Description The issue allows for Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer, an attacker can control the execution path, allowing them to write a constant value to a user-controlled address. This can be used to modify the SEP TOKEN PRIVILEGES structure of the Token object, granting the SE DEBUG NAME privilege. This privilege enables the exploit process to interact with higher-privileged processes running as SYSTEM and execute code in their security context.

Recommendations For Sophos SafeGuard Enterprise versions prior to 8.00.5, update to version 8.00.5 or later. For Sophos SafeGuard Easy versions prior to 7.00.3, update to version 7.00.3 or later. For Sophos SafeGuard LAN Crypt versions prior to 3.95.2, update to version 3.95.2 or later.