Main Vulnerability Database Vulnerabilities #VU22886

#VU22886 Permissions, Privileges, and Access Controls in Norton App Lock - CVE-2019-18373

Published: November 21, 2019

Vulnerability identifier: #VU22886

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-18373

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Norton App Lock

Software vendor:
Broadcom

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a security-bypass vulnerability. An administrator with physical access can circumvent the app to prevent it from locking other apps on the device and gain access to the target system.

Remediation

Install updates from vendor's website.

External links

https://support.symantec.com/us/en/article.SYMSA1496.html