Lucene search

[email protected]CVE-2019-12757

HistoryNov 15, 2019 - 6:15 p.m.

CVE-2019-12757

2019-11-1518:15:10

[email protected]

web.nvd.nist.gov

symantec endpoint protection

sep

14.2 ru2

12.1 ru6 mp10

small business edition

cve-2019-12757

nvd

vulnerability

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

13.9%

JSON

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0-

symantecendpoint_protectionMatch11.0mr1

symantecendpoint_protectionMatch11.0mr2

symantecendpoint_protectionMatch11.0mr3

symantecendpoint_protectionMatch11.0mr4

symantecendpoint_protectionMatch11.0mr4-mp1a

symantecendpoint_protectionMatch11.0mr4-mp2

symantecendpoint_protectionMatch11.0ru5

symantecendpoint_protectionMatch11.0ru6

symantecendpoint_protectionMatch11.0ru6-mp1

symantecendpoint_protectionMatch11.0ru6-mp2

symantecendpoint_protectionMatch11.0ru6-mp3

symantecendpoint_protectionMatch11.0ru6a

symantecendpoint_protectionMatch11.0ru7

symantecendpoint_protectionMatch11.0ru7-mp1

symantecendpoint_protectionMatch11.0ru7-mp2

symantecendpoint_protectionMatch11.0ru7-mp3

symantecendpoint_protectionMatch11.0ru7-mp4

symantecendpoint_protectionMatch11.0ru7-mp4a

symantecendpoint_protectionMatch12.1-

symantecendpoint_protectionMatch12.1ru1

symantecendpoint_protectionMatch12.1ru1-p1

symantecendpoint_protectionMatch12.1ru2

symantecendpoint_protectionMatch12.1ru2-mp1

symantecendpoint_protectionMatch12.1ru3

symantecendpoint_protectionMatch12.1ru4

symantecendpoint_protectionMatch12.1ru4-mp1

symantecendpoint_protectionMatch12.1ru4-mp1a

symantecendpoint_protectionMatch12.1ru4-mp1b

symantecendpoint_protectionMatch12.1ru4a

symantecendpoint_protectionMatch12.1ru5

symantecendpoint_protectionMatch12.1ru6

symantecendpoint_protectionMatch12.1ru6-mp1

symantecendpoint_protectionMatch12.1ru6-mp2

symantecendpoint_protectionMatch12.1ru6-mp3

symantecendpoint_protectionMatch12.1ru6-mp4

symantecendpoint_protectionMatch12.1ru6-mp5

symantecendpoint_protectionMatch12.1ru6-mp6

symantecendpoint_protectionMatch12.1ru6-mp7

symantecendpoint_protectionMatch12.1ru6-mp8

symantecendpoint_protectionMatch12.1ru6-mp9

symantecendpoint_protectionMatch14.0.0-

symantecendpoint_protectionMatch14.0.0mp1

symantecendpoint_protectionMatch14.0.0mp2

symantecendpoint_protectionMatch14.0.1-

symantecendpoint_protectionMatch14.0.1mp1

symantecendpoint_protectionMatch14.0.1mp2

symantecendpoint_protectionMatch14.2-

symantecendpoint_protectionMatch14.2mp1

symantecendpoint_protectionMatch14.2ru1

symantecendpoint_protectionMatch14.2ru1_mp1

Node

symantecendpoint_protectionMatch12.0rtmsmall_business

symantecendpoint_protectionMatch12.0ru1small_business

symantecendpoint_protectionMatch12.1-small_business

symantecendpoint_protectionMatch12.1ru1small_business

symantecendpoint_protectionMatch12.1ru1-mp1small_business

symantecendpoint_protectionMatch12.1ru2small_business

symantecendpoint_protectionMatch12.1ru2-mp1small_business

symantecendpoint_protectionMatch12.1ru3small_business

symantecendpoint_protectionMatch12.1ru4small_business

symantecendpoint_protectionMatch12.1ru4-mp1small_business

symantecendpoint_protectionMatch12.1ru4-mp1asmall_business

symantecendpoint_protectionMatch12.1ru4-mp1bsmall_business

symantecendpoint_protectionMatch12.1ru4asmall_business

symantecendpoint_protectionMatch12.1ru5small_business

symantecendpoint_protectionMatch12.1ru6small_business

symantecendpoint_protectionMatch12.1ru6_mp1small_business

symantecendpoint_protectionMatch12.1ru6_mp10small_business

symantecendpoint_protectionMatch12.1ru6_mp2small_business

symantecendpoint_protectionMatch12.1ru6_mp3small_business

symantecendpoint_protectionMatch12.1ru6_mp4small_business

symantecendpoint_protectionMatch12.1ru6_mp5small_business

symantecendpoint_protectionMatch12.1ru6_mp6small_business

symantecendpoint_protectionMatch12.1ru6_mp7small_business

symantecendpoint_protectionMatch12.1ru6_mp8small_business

symantecendpoint_protectionMatch12.1ru6_mp9small_business

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0
symantec:endpoint_protectionsymantec endpoint protectioneq12.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.0
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.2

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0
symantec:endpoint_protection	symantec endpoint protection	eq	12.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.0
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.2

CNA Affected

[
  {
    "product": "Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 14.2 RU2 & 12.1 RU6 MP10, prior to 12.1 RU6 MP10d (12.1.7510.7002)"
      }
    ]
  }
]

References

support.symantec.com/us/en/article.SYMSA1488.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

13.9%

JSON

Related for CVE-2019-12757

nvd1 cvelist1 prion1 nessus1 symantec1