Race condition in Symantec Endpoint Protection - CVE-2018-5236

 

Published: June 26, 2018 / Updated: June 26, 2018


Vulnerability identifier: #VU13468
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5236
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Broadcom
Affected software:
Symantec Endpoint Protection

Detailed vulnerability description

The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to a race condition, where the outcome depends on the sequence or timing of other uncontrollable events. A local attacker can trigger the race condition and cause the service to crash.


How to mitigate CVE-2018-5236

The vulnerability is fixed in versions 12.1 RU6 MP10 and 14 RU1 MP1.
