| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| CVE-2025-13918 | 28 Jan 202616:35 | – | attackerkb | |
| CVE-2025-13919 | 28 Jan 202616:41 | – | attackerkb | |
| CVE-2025-13918 | 22 Jan 202612:45 | – | circl | |
| CVE-2025-13919 | 22 Jan 202612:45 | – | circl | |
| Broadcom Symantec Endpoint Protection Windows Agent security vulnerabilities | 28 Jan 202600:00 | – | cnnvd | |
| Broadcom Symantec Endpoint Protection Windows Agent security vulnerabilities | 28 Jan 202600:00 | – | cnnvd | |
| CVE-2025-13918 | 28 Jan 202616:35 | – | cve | |
| CVE-2025-13919 | 28 Jan 202616:41 | – | cve | |
| CVE-2025-13918 Elevation of Privileges in Symantec Endpoint Protection Windows Client | 28 Jan 202616:35 | – | cvelist | |
| CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client | 28 Jan 202616:41 | – | cvelist |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(297850);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");
script_cve_id("CVE-2025-13918", "CVE-2025-13919");
script_xref(name:"IAVA", value:"2026-A-0098");
script_name(english:"Symantec Endpoint Protection Client < 14.3 RU8 Patch 3 / 14.3 RU9 Patch 2 / 14.3 RU10 Patch 1 Multiple Vulnerabilities (36774)");
script_set_attribute(attribute:"synopsis", value:
"The Symantec Endpoint Protection Client installed on the remote host is affected by a multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Symantec Endpoint Protection (SEP) Client installed on the remote host is affected by a multiple
vulnerabilities as referenced in the 36774 advisory.
- Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be
susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may
attempt to compromise the software application to gain elevated access to resources that are normally
protected from an application or user. (CVE-2025-13918)
- Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be
susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to
establish persistence and evade detection by hijacking COM references in the Windows Registry.
(CVE-2025-13919)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36774
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc0b632a");
script_set_attribute(attribute:"solution", value:
"Upgrade to Symantec Endpoint Protection Client version RU8 Patch 3, RU9 Patch 2 and 14.3 RU10 Patch 1 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-13919");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-13918");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/21");
script_set_attribute(attribute:"patch_publication_date", value:"2025/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:endpoint_protection");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("savce_installed.nasl");
script_require_keys("Antivirus/SAVCE/version");
script_require_ports(139, 445);
exit(0);
}
var app = 'Symantec Endpoint Protection Client';
var display_ver = get_kb_item_or_exit('Antivirus/SAVCE/version');
var edition = get_kb_item('Antivirus/SAVCE/edition');
if(get_kb_item('SMB/svc/ssSpnAv')) audit(AUDIT_INST_VER_NOT_VULN, 'Symantec.cloud Endpoint Protection');
if (empty_or_null(edition)) edition = '';
else if (edition == 'sepsb') app += ' Small Business Edition';
var port, report, fixed_ver;
var vuln = FALSE;
# https://knowledge.broadcom.com/external/article/154575
if (ver_compare(ver:display_ver, fix:'14.3.10178.8000', minver:'0.0', strict:FALSE) == -1)
{
vuln = TRUE;
fixed_ver = '14.3.10178.8000';
}
else if (ver_compare(ver:display_ver, fix:'14.3.11237.9000', minver:'14.3.11232.9000', strict:FALSE) == -1)
{
vuln = TRUE;
fixed_ver = '14.3.11237.9000';
}
else if (ver_compare(ver:display_ver, fix:'14.3.12167.10000', minver:'14.3.12154.10000', strict:FALSE) == -1)
{
vuln = TRUE;
fixed_ver = '14.3.12167.10000';
}
if (vuln)
{
port = get_kb_item('SMB/transport');
if (!port) port = 445;
report =
'\n Product : ' + app +
'\n Installed version : ' + display_ver +
'\n Fixed version : ' + fixed_ver +
'\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, app, display_ver);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation