Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
AnalysisAI
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. Affected products include: Sophos Hitmanpro.Alert.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Hitmanpro Alert
View allAn exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Aler
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Al
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. Rated high severity (CVSS 7.8), this vulner
Share
External POC / Exploit Code
Leaving vuln.today