ID CVE-2017-13681
Summary Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:endpoint_protection:*:m9:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:*:m9:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 101504
confirm https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00
sectrack 1039775
Last major update 03-10-2019 - 00:03
Published 06-11-2017 - 23:29
Last modified 03-10-2019 - 00:03
Back to Top