CVE-2018-5237 - Vulnerability Details - OpenCVE

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Endpoint Protection

Configuration 1 [-]

OR	cpe:2.3:a:symantec:endpoint_protection::::::::
	cpe:2.3:a:symantec:endpoint_protection:12.1:ru6mp10::::::
	cpe:2.3:a:symantec:endpoint_protection:14.0:ru1mp1::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104199
http://www.securitytracker.com/id/1041180
https://support.symantec.com/en_US/article.SYMSA1454.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2018-06-20T16:00:00Z

Updated: 2024-09-17T00:30:52.218Z

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5237

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-20T16:29:00.280

Modified: 2024-11-21T04:08:24.050

Link: CVE-2018-5237

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Symantec Endpoint Protection", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 14 RU1 MP1 or 12.1 RU6 MP10"}]}], "datePublic": "2018-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-26T09:57:02", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "104199", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104199"}, {"name": "1041180", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041180"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/en_US/article.SYMSA1454.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-06-20T00:00:00", "ID": "CVE-2018-5237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Symantec Endpoint Protection", "version": {"version_data": [{"version_value": "Prior to 14 RU1 MP1 or 12.1 RU6 MP10"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "104199", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104199"}, {"name": "1041180", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041180"}, {"name": "https://support.symantec.com/en_US/article.SYMSA1454.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/en_US/article.SYMSA1454.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:43.766Z"}, "title": "CVE Program Container", "references": [{"name": "104199", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104199"}, {"name": "1041180", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041180"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.symantec.com/en_US/article.SYMSA1454.html"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-5237", "datePublished": "2018-06-20T16:00:00Z", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2024-09-17T00:30:52.218Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F067AB6-0BCB-45C5-B943-72DB624ADD93", "versionEndIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6mp10:*:*:*:*:*:*", "matchCriteriaId": "CAFF743B-A076-4227-B1DF-C80D8E2AFC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0:ru1mp1:*:*:*:*:*:*", "matchCriteriaId": "EA249060-8AD9-4718-89CE-77234FE341CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels."}, {"lang": "es", "value": "Symantec Endpoint Protection, en versiones anteriores a 14 RU1 MP1 o 12.1 RU6 MP10, podr\u00eda ser susceptible a una vulnerabilidad de escalado de privilegios. Este tipo de problema permite que un usuario obtenga accesos elevados a recursos que, normalmente, suelen estar protegidos en niveles de acceso m\u00e1s bajos."}], "id": "CVE-2018-5237", "lastModified": "2024-11-21T04:08:24.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-20T16:29:00.280", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104199"}, {"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041180"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1454.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1454.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}