Vulnerability identifier: #VU16951
Vulnerability risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Norton App Lock
Client/Desktop applications /
Other client software
Vendor: Broadcom
Description
The vulnerability allows a physical high-privileged attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper privileges and access control. A physical attacker can circumvent the app to prevent it from locking the device and gain device access.
Mitigation
Update to version 1.4.0.445.
Vulnerable software versions
Norton App Lock: All versions
External links
http://support.symantec.com/en_US/article.SYMSA1473.html
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.