Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-18366
HistoryApr 25, 2019 - 8:29 p.m.

CVE-2018-18366

2019-04-2520:29:02
CWE-908
[email protected]
web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

Affected configurations

NVD
Node
symantecendpoint_protectionMatch11.0windows
OR
symantecendpoint_protectionMatch11.0mr1windows
OR
symantecendpoint_protectionMatch11.0mr2windows
OR
symantecendpoint_protectionMatch11.0mr3windows
OR
symantecendpoint_protectionMatch11.0mr4windows
OR
symantecendpoint_protectionMatch11.0mr4-mp2windows
OR
symantecendpoint_protectionMatch11.0ru5windows
OR
symantecendpoint_protectionMatch11.0ru6windows
OR
symantecendpoint_protectionMatch11.0ru6-mp1windows
OR
symantecendpoint_protectionMatch11.0ru6-mp2windows
OR
symantecendpoint_protectionMatch11.0ru6-mp3windows
OR
symantecendpoint_protectionMatch11.0ru6awindows
OR
symantecendpoint_protectionMatch11.0ru7windows
OR
symantecendpoint_protectionMatch11.0ru7-mp1windows
OR
symantecendpoint_protectionMatch11.0ru7-mp2windows
OR
symantecendpoint_protectionMatch11.0ru7-mp4windows
OR
symantecendpoint_protectionMatch11.0ru7-mp4awindows
OR
symantecendpoint_protectionMatch11.0ry7-mp3windows
OR
symantecendpoint_protectionMatch12.1windows
OR
symantecendpoint_protectionMatch12.1ru1windows
OR
symantecendpoint_protectionMatch12.1ru1-mp1windows
OR
symantecendpoint_protectionMatch12.1ru2windows
OR
symantecendpoint_protectionMatch12.1ru2-mp1windows
OR
symantecendpoint_protectionMatch12.1ru3windows
OR
symantecendpoint_protectionMatch12.1ru4windows
OR
symantecendpoint_protectionMatch12.1ru4-mp1windows
OR
symantecendpoint_protectionMatch12.1ru4-mp1awindows
OR
symantecendpoint_protectionMatch12.1ru4-mp1bwindows
OR
symantecendpoint_protectionMatch12.1ru4awindows
OR
symantecendpoint_protectionMatch12.1ru5windows
OR
symantecendpoint_protectionMatch12.1ru6windows
OR
symantecendpoint_protectionMatch12.1ru6-mp1windows
OR
symantecendpoint_protectionMatch12.1ru6-mp10windows
OR
symantecendpoint_protectionMatch12.1ru6-mp2windows
OR
symantecendpoint_protectionMatch12.1ru6-mp3windows
OR
symantecendpoint_protectionMatch12.1ru6-mp4windows
OR
symantecendpoint_protectionMatch12.1ru6-mp5windows
OR
symantecendpoint_protectionMatch12.1ru6-mp6windows
OR
symantecendpoint_protectionMatch12.1ru6-mp7windows
OR
symantecendpoint_protectionMatch12.1ru6-mp8windows
OR
symantecendpoint_protectionMatch14windows
OR
symantecendpoint_protectionMatch14mp1windows
OR
symantecendpoint_protectionMatch14.0.0mp2windows
OR
symantecendpoint_protectionMatch14.0.1windows
OR
symantecendpoint_protectionMatch14.0.1mp1windows
OR
symantecendpoint_protectionMatch14.0.1mp2windows
OR
symantecendpoint_protectionMatch14.2windows
OR
symantecendpoint_protectionMatch14.2mp1windows
OR
symantecendpoint_protectionMatchnis-22.15.2.22small_business
OR
symantecendpoint_protectionMatchsep-12.1.7484.7002small_business
OR
symantecendpoint_protection_cloudRange<22.16.3
OR
symantecendpoint_protection_cloud_agentRange<3.00.31.2817small_business
OR
symantecnorton_securityRange<22.16.3windows

Related

talosblog 1
cvelist 1
nessus 1
talos 1
prion 1
cve 1
talosblog
talosblog
Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability
2019-04-23 16:02:53
cvelist
cvelist
CVE-2018-18366
2019-04-25 19:13:05
nessus
nessus
Symantec Endpoint Protection Client 12.1.x / 14.x < 14.2.3332.1000 Kernel Memory Disclosure (SYMSA1479)
2019-05-10 00:00:00
talos
talos
Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability
2019-04-23 00:00:00
prion
prion
Design/Logic Flaw
2019-04-25 20:29:00
cve
cve
CVE-2018-18366
2019-04-25 20:29:02

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON
Related for NVD:CVE-2018-18366
talosblog1cvelist1nessus1talos1prion1cve1