PT-2024-7629 · Sophos · Sophos Intercept X
Sina Kheirkhah · Published 2024-09-16 · Updated 2024-10-07 · CVE-2024-8885
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sophos Intercept X for Windows with Central Device Encryption versions 2024.2.0 and earlier
Description
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption may allow an attacker to write arbitrary files. The issue is related to the use of unsupported third-party components in the Device Encryption component.
Recommendations
For Sophos Intercept X for Windows with Central Device Encryption version 2024.2.0 and earlier, update to version 2024.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Device Encryption component to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved.
Fix
Deserialization of Untrusted Data
Affected Products
Sophos Intercept X