Lucene search
K

Symantec Endpoint Protection Client < 14.3 RU8 Patch 3 / 14.3 RU9 Patch 2 / 14.3 RU10 Patch 1 Multiple Vulnerabilities (36774)

🗓️ 04 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

SEP Client before 14.3 RU10 Patch 1, RU9 Patch 2, RU8 Patch 3 has privilege escalation and COM hijacking flaws.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(297850);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");

  script_cve_id("CVE-2025-13918", "CVE-2025-13919");
  script_xref(name:"IAVA", value:"2026-A-0098");

  script_name(english:"Symantec Endpoint Protection Client < 14.3 RU8 Patch 3 / 14.3 RU9 Patch 2 / 14.3 RU10 Patch 1 Multiple Vulnerabilities (36774)");

  script_set_attribute(attribute:"synopsis", value:
"The Symantec Endpoint Protection Client installed on the remote host is affected by a multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Symantec Endpoint Protection (SEP) Client installed on the remote host is affected by a multiple 
vulnerabilities as referenced in the 36774 advisory. 

  - Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be 
    susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may 
    attempt to compromise the software application to gain elevated access to resources that are normally 
    protected from an application or user. (CVE-2025-13918)

  - Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be 
    susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to 
    establish persistence and evade detection by hijacking COM references in the Windows Registry.
    (CVE-2025-13919)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36774
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc0b632a");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Symantec Endpoint Protection Client version RU8 Patch 3, RU9 Patch 2 and 14.3 RU10 Patch 1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-13919");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-13918");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:endpoint_protection");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("savce_installed.nasl");
  script_require_keys("Antivirus/SAVCE/version");
  script_require_ports(139, 445);

  exit(0);
}

var app = 'Symantec Endpoint Protection Client';

var display_ver = get_kb_item_or_exit('Antivirus/SAVCE/version');
var edition = get_kb_item('Antivirus/SAVCE/edition');
if(get_kb_item('SMB/svc/ssSpnAv')) audit(AUDIT_INST_VER_NOT_VULN, 'Symantec.cloud Endpoint Protection');

if (empty_or_null(edition)) edition = '';
else if (edition == 'sepsb') app += ' Small Business Edition';

var port, report, fixed_ver;
var vuln = FALSE;

# https://knowledge.broadcom.com/external/article/154575
if (ver_compare(ver:display_ver, fix:'14.3.10178.8000', minver:'0.0', strict:FALSE) == -1)
{
  vuln = TRUE;
  fixed_ver = '14.3.10178.8000';
}
else if (ver_compare(ver:display_ver, fix:'14.3.11237.9000', minver:'14.3.11232.9000', strict:FALSE) == -1)
{
  vuln = TRUE;
  fixed_ver = '14.3.11237.9000';
}
else if (ver_compare(ver:display_ver, fix:'14.3.12167.10000', minver:'14.3.12154.10000', strict:FALSE) == -1)
{
  vuln = TRUE;
  fixed_ver = '14.3.12167.10000';
}

if (vuln)
{
  port = get_kb_item('SMB/transport');
  if (!port) port = 445;

  report =
    '\n  Product           : ' + app +
    '\n  Installed version : ' + display_ver +
    '\n  Fixed version     : ' + fixed_ver +
    '\n';
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, app, display_ver);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

03 Mar 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.16.7
EPSS0.00147
SSVC
3