Lucene search

[email protected]CVE-2019-12750

HistoryJul 31, 2019 - 6:15 p.m.

CVE-2019-12750

2019-07-3118:15:10

CWE-125

[email protected]

web.nvd.nist.gov

symantec

endpoint protection

vulnerability

cve-2019-12750

privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.7%

JSON

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0-

symantecendpoint_protectionMatch11.0mr1

symantecendpoint_protectionMatch11.0mr2

symantecendpoint_protectionMatch11.0mr3

symantecendpoint_protectionMatch11.0mr4

symantecendpoint_protectionMatch11.0mr4-mp1a

symantecendpoint_protectionMatch11.0mr4-mp2

symantecendpoint_protectionMatch11.0ru5

symantecendpoint_protectionMatch11.0ru6

symantecendpoint_protectionMatch11.0ru6-mp1

symantecendpoint_protectionMatch11.0ru6-mp2

symantecendpoint_protectionMatch11.0ru6-mp3

symantecendpoint_protectionMatch11.0ru6a

symantecendpoint_protectionMatch11.0ru7

symantecendpoint_protectionMatch11.0ru7-mp1

symantecendpoint_protectionMatch11.0ru7-mp2

symantecendpoint_protectionMatch11.0ru7-mp3

symantecendpoint_protectionMatch11.0ru7-mp4

symantecendpoint_protectionMatch11.0ru7-mp4a

symantecendpoint_protectionMatch12.1-

symantecendpoint_protectionMatch12.1ru1

symantecendpoint_protectionMatch12.1ru1-p1

symantecendpoint_protectionMatch12.1ru2

symantecendpoint_protectionMatch12.1ru2-mp1

symantecendpoint_protectionMatch12.1ru3

symantecendpoint_protectionMatch12.1ru4

symantecendpoint_protectionMatch12.1ru4-mp1

symantecendpoint_protectionMatch12.1ru4-mp1a

symantecendpoint_protectionMatch12.1ru4-mp1b

symantecendpoint_protectionMatch12.1ru4a

symantecendpoint_protectionMatch12.1ru5

symantecendpoint_protectionMatch12.1ru6

symantecendpoint_protectionMatch12.1ru6-mp1

symantecendpoint_protectionMatch12.1ru6-mp2

symantecendpoint_protectionMatch12.1ru6-mp3

symantecendpoint_protectionMatch12.1ru6-mp4

symantecendpoint_protectionMatch12.1ru6-mp5

symantecendpoint_protectionMatch12.1ru6-mp6

symantecendpoint_protectionMatch12.1ru6-mp7

symantecendpoint_protectionMatch12.1ru6-mp8

symantecendpoint_protectionMatch12.1ru6-mp9

symantecendpoint_protectionMatch14.0.0-

symantecendpoint_protectionMatch14.0.0mp1

symantecendpoint_protectionMatch14.0.0mp2

symantecendpoint_protectionMatch14.0.1-

symantecendpoint_protectionMatch14.0.1mp1

symantecendpoint_protectionMatch14.0.1mp2

symantecendpoint_protectionMatch14.2-

symantecendpoint_protectionMatch14.2mp1

Node

symantecendpoint_protectionMatch12.0rtmsmall_business

symantecendpoint_protectionMatch12.0ru1small_business

symantecendpoint_protectionMatch12.1-small_business

symantecendpoint_protectionMatch12.1ru1small_business

symantecendpoint_protectionMatch12.1ru1-mp1small_business

symantecendpoint_protectionMatch12.1ru2small_business

symantecendpoint_protectionMatch12.1ru2-mp1small_business

symantecendpoint_protectionMatch12.1ru3small_business

symantecendpoint_protectionMatch12.1ru4small_business

symantecendpoint_protectionMatch12.1ru4-mp1small_business

symantecendpoint_protectionMatch12.1ru4-mp1asmall_business

symantecendpoint_protectionMatch12.1ru4-mp1bsmall_business

symantecendpoint_protectionMatch12.1ru4asmall_business

symantecendpoint_protectionMatch12.1ru5small_business

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0
symantec:endpoint_protectionsymantec endpoint protectioneq12.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.0
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.2

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0
symantec:endpoint_protection	symantec endpoint protection	eq	12.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.0
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.2

CNA Affected

[
  {
    "product": "Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 14.2 RU1 & 12.1 RU6 MP10, Prior to 12.1 RU6 MP10c (12.1.7491.7002)"
      }
    ]
  }
]

References

packetstormsecurity.com/files/155581/Symantec-Endpoint-Protection-Information-Disclosure-Privilege-Escalation.html

seclists.org/fulldisclosure/2019/Dec/11

seclists.org/fulldisclosure/2019/Dec/21

support.symantec.com/us/en/article.SYMSA1487.html

Social References

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for CVE-2019-12750

prion1 symantec1 githubexploit1 cvelist1 nvd1