Multiple vulnerabilities in Symantec Endpoint Protection and Endpoint Protection Small Business Edition
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2020-5826 CVE-2020-5825 CVE-2020-5824 CVE-2020-5823 CVE-2020-5822 CVE-2020-5821 CVE-2020-5820 |
| CWE-ID | CWE-125 CWE-264 CWE-20 CWE-427 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Symantec Endpoint Protection Client/Desktop applications / Antivirus software/Personal firewalls Symantec Endpoint Protection Small Business Edition Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Broadcom |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU25326
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5826
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the "AvHostPlugin.dll". A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU25325
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5825
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authentication in the "AvHostPlugin.dll" module. A local user can overwrite existing files on the resident system without proper privileges and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 MP1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-228/
http://www.zerodayinitiative.com/advisories/ZDI-20-227/
http://www.zerodayinitiative.com/advisories/ZDI-20-226/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU25324
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5824
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the "AvHostPlugin.dll" module. A local user can cause a denial of service condition on the target system.
Install updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-221/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU25323
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5823
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the "ccJobMgr.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-219/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU25322
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5822
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the "ccSvc.dll" module. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-218/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Insecure DLL loading
EUVDB-ID: #VU25321
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5821
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can use a specially crafted .dll file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.2 RU1 - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU25305
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5820
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check within the AvHostPlugin.dll. A local user can compromise the software application to gain elevated access to resources that are normally protected from an application or user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14.0 MP2a - 14.2 RU2
Symantec Endpoint Protection Small Business Edition: 14.0.1904.0000 - 14.2.5323.2000
External linkshttp://support.symantec.com/us/en/article.SYMSA1505.html
http://www.zerodayinitiative.com/advisories/ZDI-20-217/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
