Lucene search

[email protected]CVE-2020-5820

HistoryFeb 11, 2020 - 6:15 p.m.

CVE-2020-5820

2020-02-1118:15:16

[email protected]

web.nvd.nist.gov

cve-2020-5820

symantec

endpoint protection

sep

privilege escalation

vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

24.1%

JSON

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0-

symantecendpoint_protectionMatch11.0mr1

symantecendpoint_protectionMatch11.0mr2

symantecendpoint_protectionMatch11.0mr3

symantecendpoint_protectionMatch11.0mr4

symantecendpoint_protectionMatch11.0mr4-mp1a

symantecendpoint_protectionMatch11.0mr4-mp2

symantecendpoint_protectionMatch11.0ru5

symantecendpoint_protectionMatch11.0ru6

symantecendpoint_protectionMatch11.0ru6-mp1

symantecendpoint_protectionMatch11.0ru6-mp2

symantecendpoint_protectionMatch11.0ru6-mp3

symantecendpoint_protectionMatch11.0ru6a

symantecendpoint_protectionMatch11.0ru7

symantecendpoint_protectionMatch11.0ru7-mp1

symantecendpoint_protectionMatch11.0ru7-mp2

symantecendpoint_protectionMatch11.0ru7-mp3

symantecendpoint_protectionMatch11.0ru7-mp4

symantecendpoint_protectionMatch11.0ru7-mp4a

symantecendpoint_protectionMatch12.1-

symantecendpoint_protectionMatch12.1ru1

symantecendpoint_protectionMatch12.1ru1-p1

symantecendpoint_protectionMatch12.1ru2

symantecendpoint_protectionMatch12.1ru2-mp1

symantecendpoint_protectionMatch12.1ru3

symantecendpoint_protectionMatch12.1ru4

symantecendpoint_protectionMatch12.1ru4-mp1

symantecendpoint_protectionMatch12.1ru4-mp1a

symantecendpoint_protectionMatch12.1ru4-mp1b

symantecendpoint_protectionMatch12.1ru4a

symantecendpoint_protectionMatch12.1ru5

symantecendpoint_protectionMatch12.1ru6

symantecendpoint_protectionMatch12.1ru6-mp1

symantecendpoint_protectionMatch12.1ru6-mp2

symantecendpoint_protectionMatch12.1ru6-mp3

symantecendpoint_protectionMatch12.1ru6-mp4

symantecendpoint_protectionMatch12.1ru6-mp5

symantecendpoint_protectionMatch12.1ru6-mp6

symantecendpoint_protectionMatch12.1ru6-mp7

symantecendpoint_protectionMatch12.1ru6-mp8

symantecendpoint_protectionMatch12.1ru6-mp9

symantecendpoint_protectionMatch14.0.0-

symantecendpoint_protectionMatch14.0.0mp1

symantecendpoint_protectionMatch14.0.0mp2

symantecendpoint_protectionMatch14.0.1-

symantecendpoint_protectionMatch14.0.1mp1

symantecendpoint_protectionMatch14.0.1mp2

symantecendpoint_protectionMatch14.2-

symantecendpoint_protectionMatch14.2mp1

symantecendpoint_protectionMatch14.2ru1

symantecendpoint_protectionMatch14.2ru1_mp1

symantecendpoint_protectionMatch14.2ru2

Node

symantecendpoint_protectionMatch12.0rtmsmall_business

symantecendpoint_protectionMatch12.0ru1small_business

symantecendpoint_protectionMatch12.1-small_business

symantecendpoint_protectionMatch12.1ru1small_business

symantecendpoint_protectionMatch12.1ru1-mp1small_business

symantecendpoint_protectionMatch12.1ru2small_business

symantecendpoint_protectionMatch12.1ru2-mp1small_business

symantecendpoint_protectionMatch12.1ru3small_business

symantecendpoint_protectionMatch12.1ru4small_business

symantecendpoint_protectionMatch12.1ru4-mp1small_business

symantecendpoint_protectionMatch12.1ru4-mp1asmall_business

symantecendpoint_protectionMatch12.1ru4-mp1bsmall_business

symantecendpoint_protectionMatch12.1ru4asmall_business

symantecendpoint_protectionMatch12.1ru5small_business

symantecendpoint_protectionMatch12.1ru6small_business

symantecendpoint_protectionMatch12.1ru6_mp1small_business

symantecendpoint_protectionMatch12.1ru6_mp10small_business

symantecendpoint_protectionMatch12.1ru6_mp2small_business

symantecendpoint_protectionMatch12.1ru6_mp3small_business

symantecendpoint_protectionMatch12.1ru6_mp4small_business

symantecendpoint_protectionMatch12.1ru6_mp5small_business

symantecendpoint_protectionMatch12.1ru6_mp6small_business

symantecendpoint_protectionMatch12.1ru6_mp7small_business

symantecendpoint_protectionMatch12.1ru6_mp8small_business

symantecendpoint_protectionMatch12.1ru6_mp9small_business

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0
symantec:endpoint_protectionsymantec endpoint protectioneq12.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.0
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.2

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0
symantec:endpoint_protection	symantec endpoint protection	eq	12.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.0
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.2

CNA Affected

[
  {
    "product": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively"
      }
    ]
  }
]

References

support.symantec.com/us/en/article.SYMSA1505.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for CVE-2020-5820

zdi1 nvd1 prion1 cvelist1 nessus1 symantec1