Unquoted Search Path or Element

CVE-2021-25269

Medium

4.4/10

Summary

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-428 - Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

Advisory Timeline

Published Nov 26, 2021

Unquoted Search Path or Element

CVE-2021-25269

Summary

CWE-428 - Unquoted Search Path or Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS