SB2020021324 - Multiple vulnerabilities in Symantec Endpoint Protection and Endpoint Protection Small Business Edition
Published: February 13, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-5826)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the "AvHostPlugin.dll". A local user can trigger out-of-bounds read error and read contents of memory on the system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-5825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authentication in the "AvHostPlugin.dll" module. A local user can overwrite existing files on the resident system without proper privileges and cause a denial of service condition on the target system.
3) Input validation error (CVE-ID: CVE-2020-5824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the "AvHostPlugin.dll" module. A local user can cause a denial of service condition on the target system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-5823)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the "ccJobMgr.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-5822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the "ccSvc.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
6) Insecure DLL loading (CVE-ID: CVE-2020-5821)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can use a specially crafted .dll file and execute arbitrary code on the target system.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-5820)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the AvHostPlugin.dll. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Remediation
Install update from vendor's website.
References
- https://support.symantec.com/us/en/article.SYMSA1505.html
- https://www.zerodayinitiative.com/advisories/ZDI-20-228/
- https://www.zerodayinitiative.com/advisories/ZDI-20-227/
- https://www.zerodayinitiative.com/advisories/ZDI-20-226/
- https://www.zerodayinitiative.com/advisories/ZDI-20-221/
- https://www.zerodayinitiative.com/advisories/ZDI-20-219/
- https://www.zerodayinitiative.com/advisories/ZDI-20-218/
- https://www.zerodayinitiative.com/advisories/ZDI-20-217/