Multiple vulnerabilities in Symantec Endpoint Protection and Symantec Endpoint Protection Manager



Published: 2020-05-11
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2020-5833
CVE-2020-5834
CVE-2020-5835
CVE-2020-5836
CVE-2020-5837
CWE-ID CWE-125
CWE-22
CWE-362
CWE-284
CWE-61
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerable software
Subscribe
Symantec Endpoint Protection Manager
Client/Desktop applications / Antivirus software/Personal firewalls

Symantec Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Broadcom

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU27692

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5833

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1


CPE2.3 External links

http://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU27693

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5834

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1


CPE2.3 External links

http://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU27694

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5835

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1


CPE2.3 External links

http://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU27695

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5836

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to application can reset ACL for files as a limited user, when the Symantec Endpoint Protection's Tamper Protection feature is disabled. As a result, a local user can  elevate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14 MP1 - 14.2 RU2 MP1


CPE2.3 External links

http://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) UNIX symbolic link following

EUVDB-ID: #VU27696

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5837

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions when writing to log files. A local user can create a symbolic link to a critical file on the system and overwrite it.

Successful exploitation of the vulnerability may lead to privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symantec Endpoint Protection: 14 MP1 - 14.2 RU2 MP1


CPE2.3 External links

http://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###