Researchers discovered several vulnerabilities in Sophos SafeGuard full-disk and file encryption products. The flaws allow an attacker to escalate privileges on a compromised device and execute arbitrary code with SYSTEM permissions.
A total of seven local privilege escalation vulnerabilities have been identified by researchers at Nettitude. The security holes can be exploited via various IOCTL calls using specially crafted input buffers that allow attackers to control the execution path.
Nettitude has published technical details for each of the flaws, along with a video showing how an attacker with access to the targeted device can escalate privileges to SYSTEM.
According to an advisory published on Tuesday by Sophos, the vulnerabilities affect various versions of SafeGuard Enterprise Client, SafeGuard Easy and SafeGuard LAN Crypt for Windows. The bugs have been assigned the CVE identifiers CVE-2018-6851 through CVE-2018-6857.
“Sophos is not aware of any attacks leveraging those vulnerabilities or exploits for them being available,” the security firm wrote in its advisory. “Exploitation of those vulnerabilities requires running malicious code on the target machine and can result in privilege escalation. This vulnerability is not remotely exploitable (i.e. over the network).”
The vulnerabilities were reported to Sophos in January and patches were created in April. Sophos has advised users to install the available patches.