Search

Find a vulnerability

Search criteria

    142 vulnerabilities found for endpoint_protection by symantec

    CVE-2020-5837 (GCVE-0-2020-5837)

    Vulnerability from nvd – Published: 2020-05-11 19:25 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: Prior to 14.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-11T19:25:45.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5837",
        "datePublished": "2020-05-11T19:25:45.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5836 (GCVE-0-2020-5836)

    Vulnerability from nvd – Published: 2020-05-11 19:23 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: Prior to 14.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection\u0027s Tamper Protection feature is disabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-11T19:23:11.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection\u0027s Tamper Protection feature is disabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5836",
        "datePublished": "2020-05-11T19:23:11.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5826 (GCVE-0-2020-5826)

    Vulnerability from nvd – Published: 2020-02-11 17:09 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
    Severity
    No CVSS data available.
    CWE
    • Out of Bounds
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out of Bounds",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:09:08.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out of Bounds"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5826",
        "datePublished": "2020-02-11T17:09:08.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5825 (GCVE-0-2020-5825)

    Vulnerability from nvd – Published: 2020-02-11 17:07 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:07:31.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5825",
        "datePublished": "2020-02-11T17:07:31.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5824 (GCVE-0-2020-5824)

    Vulnerability from nvd – Published: 2020-02-11 17:07 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:07:04.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5824",
        "datePublished": "2020-02-11T17:07:04.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5823 (GCVE-0-2020-5823)

    Vulnerability from nvd – Published: 2020-02-11 17:04 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:04:40.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5823",
        "datePublished": "2020-02-11T17:04:40.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5822 (GCVE-0-2020-5822)

    Vulnerability from nvd – Published: 2020-02-11 17:04 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:04:33.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5822",
        "datePublished": "2020-02-11T17:04:33.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5821 (GCVE-0-2020-5821)

    Vulnerability from nvd – Published: 2020-02-11 17:02 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.
    Severity
    No CVSS data available.
    CWE
    • DLL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:02:06.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5821",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5821",
        "datePublished": "2020-02-11T17:02:07.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5820 (GCVE-0-2020-5820)

    Vulnerability from nvd – Published: 2020-02-11 17:01 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:01:32.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5820",
        "datePublished": "2020-02-11T17:01:32.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5311 (GCVE-0-2016-5311)

    Vulnerability from nvd – Published: 2020-01-09 19:30 – Updated: 2024-08-06 01:00
    VLAI
    Summary
    A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
    Severity
    No CVSS data available.
    CWE
    • untrusted search path
    Assigner
    Date Public
    2016-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:00:58.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94295"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037325"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
              "vendor": "Symantec",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 22.7"
                }
              ]
            },
            {
              "product": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
              "vendor": "Symantec",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 22.8.0.50"
                }
              ]
            }
          ],
          "datePublic": "2016-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "untrusted search path",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:30:52.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94295"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037325"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2016-5311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 22.8.0.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "untrusted search path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/94295",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94295"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037323",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037323"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037324",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037324"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037325",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037325"
                },
                {
                  "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-5311",
        "datePublished": "2020-01-09T19:30:52.000Z",
        "dateReserved": "2016-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:00:58.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18372 (GCVE-0-2019-18372)

    Vulnerability from nvd – Published: 2019-11-15 17:41 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T17:41:41.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-18372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-18372",
        "datePublished": "2019-11-15T17:41:41.000Z",
        "dateReserved": "2019-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12758 (GCVE-0-2019-12758)

    Vulnerability from nvd – Published: 2019-11-15 17:37 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
    Severity
    No CVSS data available.
    CWE
    • Unsigned Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unsigned Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T19:49:22.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unsigned Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                },
                {
                  "name": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12758",
        "datePublished": "2019-11-15T17:37:43.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12757 (GCVE-0-2019-12757)

    Vulnerability from nvd – Published: 2019-11-15 17:37 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: prior to 14.2 RU2 & 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2 \u0026 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T17:37:31.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2 \u0026 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12757",
        "datePublished": "2019-11-15T17:37:31.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12756 (GCVE-0-2019-12756)

    Vulnerability from nvd – Published: 2019-11-15 16:58 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
    Severity
    No CVSS data available.
    CWE
    • Password Protection Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Password Protection Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T16:58:23.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Password Protection Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12756",
        "datePublished": "2019-11-15T16:58:23.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:55.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12750 (GCVE-0-2019-12750)

    Vulnerability from nvd – Published: 2019-07-31 17:42 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition Affected: Prior to 14.2 RU1 & 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
              },
              {
                "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
              },
              {
                "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU1 \u0026 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU1 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T19:06:07.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
            },
            {
              "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
            },
            {
              "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12750",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU1 \u0026 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU1 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1487.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
                },
                {
                  "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
                },
                {
                  "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12750",
        "datePublished": "2019-07-31T17:42:08.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5837 (GCVE-0-2020-5837)

    Vulnerability from cvelistv5 – Published: 2020-05-11 19:25 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: Prior to 14.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-11T19:25:45.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5837",
        "datePublished": "2020-05-11T19:25:45.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5836 (GCVE-0-2020-5836)

    Vulnerability from cvelistv5 – Published: 2020-05-11 19:23 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: Prior to 14.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection\u0027s Tamper Protection feature is disabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-11T19:23:11.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection\u0027s Tamper Protection feature is disabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5836",
        "datePublished": "2020-05-11T19:23:11.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5826 (GCVE-0-2020-5826)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:09 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
    Severity
    No CVSS data available.
    CWE
    • Out of Bounds
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out of Bounds",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:09:08.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out of Bounds"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5826",
        "datePublished": "2020-02-11T17:09:08.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5825 (GCVE-0-2020-5825)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:07 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:07:31.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5825",
        "datePublished": "2020-02-11T17:07:31.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5824 (GCVE-0-2020-5824)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:07 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:07:04.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5824",
        "datePublished": "2020-02-11T17:07:04.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5823 (GCVE-0-2020-5823)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:04 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:04:40.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5823",
        "datePublished": "2020-02-11T17:04:40.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5822 (GCVE-0-2020-5822)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:04 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:04:33.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5822",
        "datePublished": "2020-02-11T17:04:33.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5821 (GCVE-0-2020-5821)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:02 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.
    Severity
    No CVSS data available.
    CWE
    • DLL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:02:06.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5821",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5821",
        "datePublished": "2020-02-11T17:02:07.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5820 (GCVE-0-2020-5820)

    Vulnerability from cvelistv5 – Published: 2020-02-11 17:01 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T17:01:32.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2020-5820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1505.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2020-5820",
        "datePublished": "2020-02-11T17:01:32.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5311 (GCVE-0-2016-5311)

    Vulnerability from cvelistv5 – Published: 2020-01-09 19:30 – Updated: 2024-08-06 01:00
    VLAI
    Summary
    A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
    Severity
    No CVSS data available.
    CWE
    • untrusted search path
    Assigner
    Date Public
    2016-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:00:58.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94295"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037325"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
              "vendor": "Symantec",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 22.7"
                }
              ]
            },
            {
              "product": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
              "vendor": "Symantec",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 22.8.0.50"
                }
              ]
            }
          ],
          "datePublic": "2016-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "untrusted search path",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:30:52.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94295"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1037325"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2016-5311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 22.8.0.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "untrusted search path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/94295",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94295"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037323",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037323"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037324",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037324"
                },
                {
                  "name": "http://www.securitytracker.com/id/1037325",
                  "refsource": "MISC",
                  "url": "http://www.securitytracker.com/id/1037325"
                },
                {
                  "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-5311",
        "datePublished": "2020-01-09T19:30:52.000Z",
        "dateReserved": "2016-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:00:58.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18372 (GCVE-0-2019-18372)

    Vulnerability from cvelistv5 – Published: 2019-11-15 17:41 – Updated: 2024-08-05 01:54
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:54:14.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T17:41:41.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-18372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-18372",
        "datePublished": "2019-11-15T17:41:41.000Z",
        "dateReserved": "2019-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:54:14.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12758 (GCVE-0-2019-12758)

    Vulnerability from cvelistv5 – Published: 2019-11-15 17:37 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
    Severity
    No CVSS data available.
    CWE
    • Unsigned Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unsigned Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T19:49:22.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unsigned Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                },
                {
                  "name": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12758",
        "datePublished": "2019-11-15T17:37:43.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12757 (GCVE-0-2019-12757)

    Vulnerability from cvelistv5 – Published: 2019-11-15 17:37 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) Affected: prior to 14.2 RU2 & 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2 \u0026 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T17:37:31.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2 \u0026 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12757",
        "datePublished": "2019-11-15T17:37:31.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12756 (GCVE-0-2019-12756)

    Vulnerability from cvelistv5 – Published: 2019-11-15 16:58 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
    Severity
    No CVSS data available.
    CWE
    • Password Protection Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection (SEP) Affected: prior to 14.2 RU2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection (SEP)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 14.2 RU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Password Protection Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-15T16:58:23.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection (SEP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 14.2 RU2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Password Protection Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12756",
        "datePublished": "2019-11-15T16:58:23.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:55.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12750 (GCVE-0-2019-12750)

    Vulnerability from cvelistv5 – Published: 2019-07-31 17:42 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition Affected: Prior to 14.2 RU1 & 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
              },
              {
                "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
              },
              {
                "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 14.2 RU1 \u0026 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Endpoint Protection, prior to 14.2 RU1 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T19:06:07.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
            },
            {
              "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
            },
            {
              "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12750",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 14.2 RU1 \u0026 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Endpoint Protection, prior to 14.2 RU1 \u0026 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1487.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1487.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html"
                },
                {
                  "name": "20191206 Symantec Endoint Security LPE CVE-2019-12750",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/11"
                },
                {
                  "name": "20191213 CVE-2019-12750 - Exploitation Write-ups",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12750",
        "datePublished": "2019-07-31T17:42:08.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }