Input validation error in Norton App Lock - CVE-2018-5242

 


Published: June 13, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37035
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-5242
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Broadcom
Affected software: Norton App Lock

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

Norton App Lock versions prior to 1.3.0.329 can be susceptible to a bypass exploit. In that case, the exploit lets the user circumvent the app and prevent it from locking the device, thereby gaining access to the device.


How to mitigate CVE-2018-5242

Install the update from the vendor's website.
