cnvd - cnvd-2017-36232

cnvd-2017-36232

Vulnerability from cnvd

Title: Symantec Endpoint Protection权限提升漏洞

Description:

Symantec Endpoint Protection是一款企业版病毒防护软件。

SEP 12.1 RU6 MP9之前的Symantec Endpoint Protection存在权限提升漏洞。用户可利用该漏洞越权访问资源。

Severity: 中

Patch Name: Symantec Endpoint Protection权限提升漏洞的补丁

Patch Description:

Symantec Endpoint Protection是一款企业版病毒防护软件。

SEP 12.1 RU6 MP9之前的Symantec Endpoint Protection存在权限提升漏洞。用户可利用该漏洞越权访问资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-13681

Impacted products

Name
Symantec Endpoint Protection（SEP） <12.1 RU6 MP9

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13681"
    }
  },
  "description": "Symantec Endpoint Protection\u662f\u4e00\u6b3e\u4f01\u4e1a\u7248\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nSEP 12.1 RU6 MP9\u4e4b\u524d\u7684Symantec Endpoint Protection\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8d8a\u6743\u8bbf\u95ee\u8d44\u6e90\u3002",
  "discovererName": "Matthieu Buffet on behalf of ANSSI.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36232",
  "openTime": "2017-12-05",
  "patchDescription": "Symantec Endpoint Protection\u662f\u4e00\u6b3e\u4f01\u4e1a\u7248\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nSEP 12.1 RU6 MP9\u4e4b\u524d\u7684Symantec Endpoint Protection\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8d8a\u6743\u8bbf\u95ee\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Endpoint Protection\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Symantec Endpoint Protection\uff08SEP\uff09 \u003c12.1 RU6 MP9"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13681",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-07",
  "title": "Symantec Endpoint Protection\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-13681 (GCVE-0-2017-13681)

Vulnerability from cvelistv5

Published

2017-11-06 23:00

Modified

2024-09-16 23:16

Severity ?

CWE

Privilege Escalation

Summary

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1039775	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/101504	vdb-entry, x_refsource_BID
	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Symantec Corporation	Symantec Endpoint Protection	Version: Prior to SEP 12.1 RU6 MP9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:19.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039775",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039775"
          },
          {
            "name": "101504",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Symantec Endpoint Protection",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to SEP 12.1 RU6 MP9"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "1039775",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039775"
        },
        {
          "name": "101504",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2017-11-06T00:00:00",
          "ID": "CVE-2017-13681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Symantec Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to SEP 12.1 RU6 MP9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039775",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039775"
            },
            {
              "name": "101504",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101504"
            },
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2017-13681",
    "datePublished": "2017-11-06T23:00:00Z",
    "dateReserved": "2017-08-24T00:00:00",
    "dateUpdated": "2024-09-16T23:16:25.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted