Sophos Endpoint Protection
By the Year
In 2024 there have been 0 vulnerabilities in Sophos Endpoint Protection . Endpoint Protection did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 7.80 |
2019 | 0 | 0.00 |
2018 | 2 | 6.65 |
It may take a day or so for new Endpoint Protection vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sophos Endpoint Protection Security Vulnerabilities
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive
CVE-2020-9363
7.8 - High
- February 24, 2020
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
Interpretation Conflict
Sophos Endpoint Protection 10.7
CVE-2018-4863
5.5 - Medium
- April 05, 2018
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
7PK - Security Features
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings
CVE-2018-9233
7.8 - High
- April 05, 2018
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
Use of Password Hash With Insufficient Computational Effort
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sophos Endpoint Protection or by Sophos? Click the Watch button to subscribe.