Vendor: Sophos Antivirus
By: Tavis Ormandy
CVSS: 9,8 (HIGH)
Remote Root Exploit
CWE: 20
Product Name: Sophos Antivirus
Affected Version From: Sophos 8.0.6
Affected Version To: Sophos 8.0.6
Patch Exists: YES
Related CWE: N/A
CPE: a:sophos:sophos_antivirus
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mac, Windows, Linux
2020
Practical Attacks against Sophos Antivirus
This paper describes realistic attacks against networks using Sophos products. It includes a working pre-authentication remote root exploit that requires zero-interaction, and could be wormed within the next few days.
Mitigation:
Administrators deploying Sophos products should study the results and implement the recommendations. Best practices for Sophos users should be followed to minimise the potential damage to their assets caused by Sophos.