Lucene search

[email protected]NVD:CVE-2022-37017

HistoryDec 01, 2022 - 2:15 p.m.

CVE-2022-37017

2022-12-0114:15:11

[email protected]

web.nvd.nist.gov

symantec endpoint protection

windows

security control bypass

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.9%

JSON

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.

Affected configurations

Nvd

Node

broadcomsymantec_endpoint_protectionRange<14.3.5.1windows

VendorProductVersionCPE
broadcomsymantec_endpoint_protection*cpe:2.3:a:broadcom:symantec_endpoint_protection:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
broadcom	symantec_endpoint_protection	*	cpe:2.3:a:broadcom:symantec_endpoint_protection::::::windows::*

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21014

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.9%

JSON

Related for NVD:CVE-2022-37017

cvelist1 prion1 nessus2 githubexploit1 cve1