CVE-2018-3970 - OpenCVE

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sophos	Hitmanpro.alert

Configuration 1 [-]

cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105743	Broken Link Third Party Advisory VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2018-10-25T00:00:00

Updated: 2022-04-19T18:07:13

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3970

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-25T18:29:00.257

Modified: 2023-02-02T13:47:37.060

Link: CVE-2018-3970

JSON object: View

Redhat Information

No data.

CWE

CWE-908

{"containers": {"cna": {"affected": [{"product": "Sophos", "vendor": "Talos", "versions": [{"status": "affected", "version": "Sophos Hitmanro.Alert - hmpalert.sys 3.7.6.744"}]}], "datePublic": "2018-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "memory disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:07:13", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "105743", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105743"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2018-10-25T00:00:00", "ID": "CVE-2018-3970", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sophos", "version": {"version_data": [{"version_value": "Sophos Hitmanro.Alert - hmpalert.sys 3.7.6.744"}]}}]}, "vendor_name": "Talos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 4, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "memory disclosure"}]}]}, "references": {"reference_data": [{"name": "105743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105743"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2018-3970", "datePublished": "2018-10-25T00:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2022-04-19T18:07:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:*:*:*:*:*:*:*", "matchCriteriaId": "E84ED4F7-9CBE-4E15-B862-7E64A2F6922D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de divulgaci\u00f3n de memoria en la funcionalidad de manejo de llamadas IOCTL 0x222000 de Sophos HitmanPro.Alert 3.7.6.744. Una petici\u00f3n IRP especialmente manipulada puede provocar que el controlador devuelva memoria no inicializada, lo que resulta en la divulgaci\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\u00f3n IRP manipulada para provocar esta vulnerabilidad."}], "id": "CVE-2018-3970", "lastModified": "2023-02-02T13:47:37.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-25T18:29:00.257", "references": [{"source": "talos-cna@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105743"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}