Multiple vulnerabilities in Symantec Endpoint Protection and Endpoint Protection Small Business Edition

Published: 2020-02-13

Risk	Medium
Patch available	YES
Number of vulnerabilities	7
CVE-ID	CVE-2020-5826 CVE-2020-5825 CVE-2020-5824 CVE-2020-5823 CVE-2020-5822 CVE-2020-5821 CVE-2020-5820
CWE-ID	CWE-125 CWE-264 CWE-20 CWE-427
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	Symantec Endpoint Protection Client/Desktop applications / Antivirus software/Personal firewalls Symantec Endpoint Protection Small Business Edition Client/Desktop applications / Antivirus software/Personal firewalls
Vendor	Broadcom

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU25326

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-5826

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the "AvHostPlugin.dll". A local user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU25325

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5825

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authentication in the "AvHostPlugin.dll" module. A local user can overwrite existing files on the resident system without proper privileges and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 MP1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-228/
http://www.zerodayinitiative.com/advisories/ZDI-20-227/
http://www.zerodayinitiative.com/advisories/ZDI-20-226/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU25324

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5824

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the "AvHostPlugin.dll" module. A local user can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-221/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU25323

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5823

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check within the "ccJobMgr.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-219/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU25322

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5822

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check within the "ccSvc.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-218/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Insecure DLL loading

EUVDB-ID: #VU25321

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5821

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can use a specially crafted .dll file and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU25305

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-5820

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check within the AvHostPlugin.dll. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.0 MP2a - 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000

CPE2.3

cpe:2.3:a:broadcom:symantec_endpoint_protection:14.2 RU2:*:*:*:*:*:*:*

External links

http://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-217/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?