vendor: Sophos
by:
2018
undermining the integrity of the endpoint protection."
CVSS: 5.5
Tamper Protection Bypass
CVE-2018-4863
CWE
Product Name: Sophos
Affected Version From: YES
Affected Version To: Sophos Endpoint Protection v10.7
Patch Exists: Sophos has released a patch to address this vulnerability. Users should update to the latest version of Sophos Endpoint Protection.
Related CWE: John Page (aka hyp3rlinx)
CPE: Sophos Endpoint Protection v10.7
Metasploit:
https://www.exploit-db.com/raw/44410
Other Scripts:
N/A
Platforms Tested: Sophos Endpoint Protection
MEDIUM
Tamper Protection Bypass
Sophos Endpoint Protection offers an enhanced tamper protection mechanism which can be bypassed by deleting the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense". This allows attackers to create arbitrary registry keys or edit keys and settings under the protected "tamper" protection config key.
Mitigation:
284