Lucene search

[email protected]CVE-2016-5311

HistoryJan 09, 2020 - 8:15 p.m.

CVE-2016-5311

2020-01-0920:15:11

CWE-427

[email protected]

web.nvd.nist.gov

symantec

norton

antivirus

privilege escalation

vulnerability

security

endpoint protection

dll preloading

nvd

cve-2016-5311

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

Affected configurations

NVD

Node

symantecendpoint_protectionRange<22.8.0.50

symantecendpoint_protection_cloudRange<22.8.0.50

symantecnorton_360Range<22.7

symantecnorton_antivirusRange<22.7

symantecnorton_antivirus_with_backupRange<22.7

symantecnorton_familyRange<22.7

symantecnorton_internet_securityRange<22.7

symantecnorton_securityRange<22.7

symantecnorton_security_with_backupRange<22.7

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectionlt22.8.0.50
symantec:endpoint_protection_cloudsymantec endpoint protection cloudlt22.8.0.50
symantec:norton_360symantec norton 360lt22.7
symantec:norton_antivirussymantec norton antiviruslt22.7
symantec:norton_antivirus_with_backupsymantec norton antivirus with backuplt22.7
symantec:norton_familysymantec norton familylt22.7
symantec:norton_internet_securitysymantec norton internet securitylt22.7
symantec:norton_securitysymantec norton securitylt22.7
symantec:norton_security_with_backupsymantec norton security with backuplt22.7

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	lt	22.8.0.50
symantec:endpoint_protection_cloud	symantec endpoint protection cloud	lt	22.8.0.50
symantec:norton_360	symantec norton 360	lt	22.7
symantec:norton_antivirus	symantec norton antivirus	lt	22.7
symantec:norton_antivirus_with_backup	symantec norton antivirus with backup	lt	22.7
symantec:norton_family	symantec norton family	lt	22.7
symantec:norton_internet_security	symantec norton internet security	lt	22.7
symantec:norton_security	symantec norton security	lt	22.7
symantec:norton_security_with_backup	symantec norton security with backup	lt	22.7

CNA Affected

[
  {
    "product": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "before 22.7"
      }
    ]
  },
  {
    "product": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "before 22.8.0.50"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94295

www.securitytracker.com/id/1037323

www.securitytracker.com/id/1037324

www.securitytracker.com/id/1037325

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2016-5311

cvelist1 nessus1 prion1 nvd1