Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-13681

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

Published

2017-11-06T23:29:00.250

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	symantec	endpoint_protection	< 12.1	Yes

References

http://www.securityfocus.com/bid/101504 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039775 Third Party Advisory, VDB Entry ([email protected])
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00 Issue Tracking, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/101504 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039775 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)