Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Published

2020-01-08T16:15:10.517

Last Modified

2024-11-21T02:56:23.577

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.4

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-269
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application symantec encryption_desktop < 10.4.1 Yes
Application symantec endpoint_encryption < 7.6 Yes
Application symantec endpoint_encryption 7.6 Yes
Application symantec ghost_solution_suite 3.1 Yes
Application symantec ghost_solution_suite 3.1 Yes
Application symantec ghost_solution_suite 3.1 Yes
Application symantec ghost_solution_suite 3.1 Yes
Application symantec it_management_suite 7.6 Yes
Application symantec it_management_suite 8.0 Yes
References