{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:33:22.307","vulnerabilities":[{"cve":{"id":"CVE-2018-3971","sourceIdentifier":"talos-cna@cisco.com","published":"2018-10-25T18:29:00.427","lastModified":"2024-11-21T04:06:24.600","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de escritura arbitraria en la funcionalidad de manejo de llamadas IOCTL 0x2222CC de Sophos HitmanPro.Alert 3.7.6.744. Una petición IRP especialmente manipulada puede provocar que el controlador escriba datos en una dirección controlada por un atacante, lo que resulta en una corrupción de memoria. Un atacante puede enviar una petición IRP para provocar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-123"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:*:*:*:*:*:*:*","matchCriteriaId":"E84ED4F7-9CBE-4E15-B862-7E64A2F6922D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105743","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0636","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/105743","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0636","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}