Multiple vulnerabilities in several Symantec Endpoint Protection products



Published: 2019-11-18
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2019-12758
CVE-2019-12756
CVE-2019-18372
CVE-2019-12759
CVE-2019-12757
CWE-ID CWE-693
CWE-287
CWE-264
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Symantec Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls

Symantec Endpoint Protection Manager
Client/Desktop applications / Antivirus software/Personal firewalls

Symantec Endpoint Protection Small Business Edition
Client/Desktop applications / Antivirus software/Personal firewalls

Symantec Mail Security for Microsoft Exchange (SMSMSE)
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Broadcom

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Protection Mechanism Failure

EUVDB-ID: #VU22816

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-12758

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to the application does not check for digital signatures when loading the "c:\Windows\SysWOW64\wbem\DSPARSE.dll" file that is not present on the system by default. A local administrator can place a malicious "DSPARSE.dll" and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 11 MR1 - 14.2 RU1 MP1

External links

http://support.symantec.com/us/en/article.SYMSA1488.html
http://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper Authentication

EUVDB-ID: #VU22820

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12756

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to a password protection bypass. A local administrator can bypass the secondary layer of password protection and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 11 MR1 - 14.2 RU1 MP1

External links

http://support.symantec.com/us/en/article.SYMSA1488.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22819

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18372

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 11 MR1 - 14.2 RU1 MP1

External links

http://support.symantec.com/us/en/article.SYMSA1488.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22818

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12759

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Mail Security for Microsoft Exchange (SMSMSE): 7.5 - 7.5.6

Symantec Endpoint Protection Manager: 12.1 RU2 - 14.2 RU1

External links

http://support.symantec.com/us/en/article.SYMSA1488.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22817

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12757

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 12.0 - 14.2 RU1 MP1

Symantec Endpoint Protection Small Business Edition: 12.1.7266.6800 - 12.1.7484.7002

External links

http://support.symantec.com/us/en/article.SYMSA1488.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###