#VU13468 Race condition in Symantec Endpoint Protection - CVE-2018-5236

Cybersecurity Help s.r.o.

Published: 2018-06-26 | Updated: 2018-06-26

Vulnerability identifier: #VU13468

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5236

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Symantec Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Broadcom

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to race condition when the output is dependent on the sequence or timing of other uncontrollable events. A local attacker can trigger race condition and cause the service to crash.

Mitigation
The vulnerability is fixed in the versions 12.1 RU6 MP10, 14 RU1 MP1.

Vulnerable software versions

Symantec Endpoint Protection: 11 - 12.1

External links
https://support.symantec.com/en_US/article.SYMSA1454.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Symantec Endpoint Protection