CVE-2018-18366

2019-04-2519:13:05

symantec

www.cve.org

0.0004 Low

EPSS

Percentile

14.2%

JSON

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

CNA Affected

[
  {
    "product": "Norton Security",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 22.16.3"
      }
    ]
  },
  {
    "product": "SEP (Windows client)",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to and including 12.1 RU6 MP9"
      },
      {
        "status": "affected",
        "version": "Prior to 14.2 RU1"
      }
    ]
  },
  {
    "product": "SEP SBE",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to Cloud Agent 3.00.31.2817"
      },
      {
        "status": "affected",
        "version": "NIS-22.15.2.22"
      },
      {
        "status": "affected",
        "version": "SEP-12.1.7484.7002"
      }
    ]
  },
  {
    "product": "SEP Cloud",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 22.16.3"
      }
    ]
  }
]