CVE-2018-12238 - Vulnerability Details - OpenCVE

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Endpoint Protection Endpoint Protection Cloud Norton Antivirus

Configuration 1 [-]

OR	cpe:2.3:a:symantec:endpoint_protection::::::::
	cpe:2.3:a:symantec:endpoint_protection::::::::
	cpe:2.3:a:symantec:endpoint_protection_cloud::::::::
	cpe:2.3:a:symantec:norton_antivirus::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105917
https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2018-11-29T14:00:00

Updated: 2024-08-05T08:30:58.948Z

Reserved: 2018-06-12T00:00:00

Link: CVE-2018-12238

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-11-29T14:29:00.250

Modified: 2024-11-21T03:44:50.323

Link: CVE-2018-12238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud)", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 22.15 [Norton]"}, {"status": "affected", "version": "Prior to 12.1.7454.7000 & 14.2 [Symantec Endpoint Protection (SEP)]"}, {"status": "affected", "version": "Prior to NIS-22.15.1.8 & SEP-12.1.7454.7000 [Symantec Endpoint Protection Small Business Edition (SEP SBE)]"}, {"status": "affected", "version": "Prior to 22.15.1 [Symantec Endpoint Protection Cloud (SEP Cloud)]"}]}], "datePublic": "2018-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected."}], "problemTypes": [{"descriptions": [{"description": "AV Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-30T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "105917", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105917"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2018-12238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud)", "version": {"version_data": [{"version_value": "Prior to 22.15 [Norton]"}, {"version_value": "Prior to 12.1.7454.7000 & 14.2 [Symantec Endpoint Protection (SEP)]"}, {"version_value": "Prior to NIS-22.15.1.8 & SEP-12.1.7454.7000 [Symantec Endpoint Protection Small Business Edition (SEP SBE)]"}, {"version_value": "Prior to 22.15.1 [Symantec Endpoint Protection Cloud (SEP Cloud)]"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "AV Bypass"}]}]}, "references": {"reference_data": [{"name": "105917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105917"}, {"name": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:30:58.948Z"}, "title": "CVE Program Container", "references": [{"name": "105917", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105917"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-12238", "datePublished": "2018-11-29T14:00:00", "dateReserved": "2018-06-12T00:00:00", "dateUpdated": "2024-08-05T08:30:58.948Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B467107-F1B4-4D10-B10F-18A947F92B09", "versionEndExcluding": "12.1.7454.7000", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "869AF0C2-7774-48EC-B06B-733A6C5B75F3", "versionEndIncluding": "14.2", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "938F1785-00BE-4894-A646-EC17871E47F6", "versionEndExcluding": "22.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF904CE1-9060-49E7-B53E-0BD8DF7723D7", "versionEndExcluding": "22.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected."}, {"lang": "es", "value": "Norton en versiones anteriores a la 22.15; Symantec Endpoint Protection (SEP) en versiones anteriores a la 12.1.7454.7000 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) en versiones anteriores a la NIS-22.15.1.8 SEP-12.1.7454.7000; y Symantec Endpoint Protection Cloud (SEP Cloud) en versiones anteriores a la 22.15.1 pueden ser susceptibles a un problema de omisi\u00f3n de antivirus, que es un tipo de explotaci\u00f3n que sirve para eludir uno de los motores de detecci\u00f3n de virus y as\u00ed evitar un tipo de protecci\u00f3n antivirus espec\u00edfico. Uno de los motores antivirus depende de un patr\u00f3n de firma de una base de datos para identificar archivos maliciosos y virus; la explotaci\u00f3n de omisi\u00f3n de antivirus busca alterar el archivo que se est\u00e1 analizando para que no sea detectado."}], "id": "CVE-2018-12238", "lastModified": "2024-11-21T03:44:50.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-29T14:29:00.250", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105917"}, {"source": "secure@symantec.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}