CVE-2024-8885
Published: 02 October 2024
Summary
CVE-2024-8885 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Sophos Intercept X (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49456
Vulnerability details
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Provenance of associated data allows detection of untrusted sources before deserialization or processing occurs.
Security groups frequently discuss maintenance status of third-party components, aiding identification and avoidance of unmaintained ones.
Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.
Maintaining an accurate, reviewed inventory of all system components enables tracking of third-party software versions and maintenance status, reducing the risk of using unmaintained components.
The maintenance policy requires regular updates and upkeep of systems and third-party components, directly reducing the presence of unmaintained software that attackers can exploit.
Requiring quick access to maintenance support and spare parts after failure necessitates using actively supported components rather than unmaintained third-party ones.
Contact with security communities directly informs personnel of unmaintained components and their vulnerabilities, reducing the likelihood of their continued use.
Threat intelligence sharing directly informs organizations of newly discovered vulnerabilities and exploitation in third-party components, enabling timely updates or replacement before attackers can leverage them.