3 matches found
CVE-2020-5837
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege...
Symantec Endpoint Protection Client < 14.3 Multiple Vulnerabilities (SYMSA1762)
The version of Symantec Endpoint Protection SEP Client installed on the remote host is prior to 14.3. It is therefore affected by the following vulnerabilities: - An elevation of privilege vulnerability exists. An authenticated, local attacker can exploit this by resetting ACLs on a file as a...
CVE-2020-5837
CVE-2020-5837 affects Symantec Endpoint Protection (Windows Endpoint) prior to version 14.3. The issue is that logging writes to files replaced by symbolic links may bypass standard file permissions, enabling elevation of privilege. Root cause centers on improper permission handling for log files...