Input validation error in Norton App Lock - CVE-2018-5239

 


Published: July 16, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36899
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-5239
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Broadcom
Affected software:
Norton App Lock

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In that case, the exploit can allow the user to circumvent the app and prevent it from locking the device, thereby allowing the individual to gain device access.


How to mitigate CVE-2018-5239

Install the update from the vendor's website.

Sources