Vulnerability Description
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Exploit Prevention | < 3.8.3 |
| Sophos | Intercept X Endpoint | < 2.0.23 |
| Sophos | Intercept X For Server | < 2.0.23 |
Related Weaknesses (CWE)
References
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20211126-ixa-hmpa-locVendor Advisory
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20211126-ixa-hmpa-locVendor Advisory
FAQ
What is CVE-2021-25269?
CVE-2021-25269 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sopho...
How severe is CVE-2021-25269?
CVE-2021-25269 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25269?
Check the references section above for vendor advisories and patch information. Affected products include: Sophos Exploit Prevention, Sophos Intercept X Endpoint, Sophos Intercept X For Server.