Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos SafeGuard Enterprise ‘Device Encryption Client’组件权限许可和访问控制漏洞
Vulnerability Description
Sophos SafeGuard Enterprise 6.0版本中的Device Encryption Client组件中存在漏洞,该漏洞源于volume-based加密启用与用户自定义的密钥结合时,未正确地阻止访问exFAT的USB闪存驱动器。本地攻击者可利用该漏洞通过多个删除和重新连接操作,绕过目地访问限制并复制敏感信息到驱动程序。
CVSS Information
N/A
Vulnerability Type
N/A