Spoofing attack in Norton Password Manager - CVE-2018-18365
Published: February 18, 2019
Vulnerability identifier: #VU17748
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-18365
CWE-ID: CWE-451
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Broadcom
Affected software:
Norton Password Manager
Norton Password Manager
Detailed vulnerability description
The disclosed vulnerability allows a physical high-privileged attacker to perform spoofing attack.
The weakness exists due to address spoofing. A physical attacker can disguise origin IP address in order to obfuscate the source of network traffic.
The weakness exists due to address spoofing. A physical attacker can disguise origin IP address in order to obfuscate the source of network traffic.
How to mitigate CVE-2018-18365
The vulnerability has been addressed in the version 6.2.0.1078 for Android and 6.2.309 for iOS.