Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

hitmanpro.alert

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2021-25270
Assigner-Sophos Limited
ShareView Details
Assigner-Sophos Limited
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.08%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 23:11
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

Action-Not Available
Vendor-Sophos Ltd.
Product-hitmanpro.alertHitmanPro.Alert
CVE-2020-9540
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.20%
||
7 Day CHG~0.00%
Published-01 Mar, 2020 | 23:50
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-hitmanpro.alertn/a
CVE-2018-3970
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-25 Oct, 2018 | 18:00
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Action-Not Available
Vendor-Sophos Ltd.Talos (Cisco Systems, Inc.)
Product-hitmanpro.alertSophos
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-3971
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2018 | 18:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.

Action-Not Available
Vendor-Sophos Ltd.Talos (Cisco Systems, Inc.)
Product-hitmanpro.alertSophos
CWE ID-CWE-123
Write-what-where Condition