Can Sophos AV block CVE-2021-21985 and CVE-2021-21986 on VMware?

Hi,

We are using Sophos Enterprise Console 5.5.2.

Anti-virus version is 10.8.11.22 with detection engine 3.82.0.

Can this version block CVE-2021-21985 and CVE-2021-21986?

We have VMware and I just recently found out that it has an exploit with these CVEs.

Hoping to get feedback from others who have a similar case.

Regards,

Marvin

  • Hello Marvin,

    to clarify a few things:

    • on the IPS database of Sophos Enterprise 5.52 - the SEC version (and to a certain extent the SAV version as well) is irrelevant, HIPS configuration and rules are independently and infrequently updated
    • block CVE-2021-21985 and CVE-2021-21986 - both are, if I understand correctly, vulnerabilities in plugins of vCenter Server and exploitable via port 443, specifically for CVE-2021-21986 a Man-In-The-Middle attack is a top attack pattern. Thus both don't fall within the remit of classic AV
    • the purpose of CVEs is not: There's a CVE and my security software (and its vendor) will or should deal with it

    Just my two cents
    Christian


     


       
