
Multiple vulnerabilities in Symantec Endpoint Protection and Endpoint Protection Small Business Edition



Published: 2020-02-13
Severity: Medium
Patch available: YES
Number of vulnerabilities: 7
CVE ID: CVE-2020-5826, CVE-2020-5825, CVE-2020-5824, CVE-2020-5823, CVE-2020-5822, CVE-2020-5821, CVE-2020-5820
CWE ID: CWE-125, CWE-264, CWE-20, CWE-427
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Symantec Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls

Symantec Endpoint Protection Small Business Edition
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Symantec Corporation

Security Advisory

1) Out-of-bounds read

Severity: Medium

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5826

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the "AvHostPlugin.dll" module. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 5.3 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5825

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authentication in the "AvHostPlugin.dll" module. A local user can overwrite existing files on the resident system without proper privileges and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html
https://www.zerodayinitiative.com/advisories/ZDI-20-228/
https://www.zerodayinitiative.com/advisories/ZDI-20-227/
https://www.zerodayinitiative.com/advisories/ZDI-20-226/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Severity: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5824

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the "AvHostPlugin.dll" module. A local user can cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html
https://www.zerodayinitiative.com/advisories/ZDI-20-221/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5823

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper permissions check within the "ccJobMgr.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html
https://www.zerodayinitiative.com/advisories/ZDI-20-219/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5822

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper permissions check within the "ccSvc.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html
https://www.zerodayinitiative.com/advisories/ZDI-20-218/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insecure DLL loading

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5821

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A local user can use a specially crafted .dll file to execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5820

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper permissions check within the "AvHostPlugin.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14.0 MP2a, 14.2, 14.2 MP1, 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2

Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000, 14.0.2332.0100, 14.0.2349.0100, 14.0.2415.0200, 14.0.3752.1000, 14.0.3876.1100, 14.0.3892.1101, 14.0.3897.1101, 14.0.3929.1200, 14.2.1015.0100, 14.2.1023.0100, 14.2.1031.0100, 14.2.1057.0103, 14.2.2486.1000, 14.2.3332.1000, 14.2.3335.1000, 14.2.4559.1100, 14.2.4811.1100, 14.2.4814.1101, 14.2.4815.1101, 14.2.5280.2000, 14.2.5323.2000

External links

https://support.symantec.com/us/en/article.SYMSA1505.html
https://www.zerodayinitiative.com/advisories/ZDI-20-217/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.