Lucene search

[email protected]CVE-2016-6590

HistoryJan 08, 2020 - 4:15 p.m.

CVE-2016-6590

2020-01-0816:15:10

CWE-269

[email protected]

web.nvd.nist.gov

cve-2016-6590

symantec

it management suite

ghost solution suite

endpoint virtualization

encryption desktop

dll

vulnerability

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.4%

JSON

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Affected configurations

NVD

Node

symantecencryption_desktopRange10.0.0–10.4.1

symantecendpoint_encryptionRange7.0–7.6

symantecendpoint_encryptionMatch7.6

symantecghost_solution_suiteMatch3.1-

symantecghost_solution_suiteMatch3.1maintenance_pack1

symantecghost_solution_suiteMatch3.1maintenance_pack2

symantecghost_solution_suiteMatch3.1maintenance_pack3

symantecit_management_suiteMatch7.6

symantecit_management_suiteMatch8.0

CPENameOperatorVersion
symantec:encryption_desktopsymantec encryption desktoplt10.4.1
symantec:endpoint_encryptionsymantec endpoint encryptionlt7.6
symantec:ghost_solution_suitesymantec ghost solution suiteeq3.1
symantec:it_management_suitesymantec it management suiteeq7.6
symantec:it_management_suitesymantec it management suiteeq8.0

CPE	Name	Operator	Version
symantec:encryption_desktop	symantec encryption desktop	lt	10.4.1
symantec:endpoint_encryption	symantec endpoint encryption	lt	7.6
symantec:ghost_solution_suite	symantec ghost solution suite	eq	3.1
symantec:it_management_suite	symantec it management suite	eq	7.6
symantec:it_management_suite	symantec it management suite	eq	8.0

CNA Affected

[
  {
    "product": "IT Management Suite",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "8.0 prior to 8.0 HF4 and  7.6 prior to 7.6 HF7"
      }
    ]
  },
  {
    "product": "Ghost Solution Suite",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "3.1 prior to 3.1 MP4"
      }
    ]
  },
  {
    "product": "Symantec Endpoint Virtualization",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "7.x  prior to 7.6 HF"
      }
    ]
  },
  {
    "product": "Encryption Desktop",
    "vendor": "Symantec",
    "versions": [
      {
        "status": "affected",
        "version": "0.x prior to 10.4.1"
      },
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94279

www.securitytracker.com/id/1037302

support.symantec.com/us/en/article.symsa1385.html

Social References

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2016-6590

nvd1 symantec1 prion1 cvelist1