Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-1414
HistorySep 07, 2017 - 8:00 a.m.

Symantec Encryption Desktop DoS

2017-09-0708:00:00
Symantec Security Response
65

EPSS

0.002

Percentile

57.1%

JSON

SUMMARY

Symantec has released an update to address an issue in the Symantec Encryption Desktop product.

AFFECTED PRODUCTS

Symantec Encryption Desktop (SED)

CVE

|

Affected Version(s)

|

Remediation

CVE-2017-6330

|

Prior to 10.4.1MP2

|

Upgrade to 10.4.1MP2

ISSUES

CVE-2017-6330

Severity/CVSSv3:

|

Medium / 5.7 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Impact:

|

Securityfocus: BID 100552 / NVD: CVE-2017-6330

Denial of service

Description:

|

A Denial of Service (DoS) attack, is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. DoS attacks can occur when a system becomes flooded with specific network requests or subversive operations that can cause the resourced system to become unresponsive.

MITIGATION

This issue was validated by the product team engineers. A Symantec Encryption Desktop update, version SED 10.4.1MP2, has been released which addresses the aforementioned vulnerability. Note that the Symantec Encryption Desktop's latest release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.

Best Practices

Symantec recommends the following measures to reduce risk of attack:

  • Restrict access to administrative or management systems to authorized privileged users.
  • Restrict remote access to trusted/authorized systems only.
  • Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
  • Keep all operating systems and applications current with vendor patches.
  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.

ACKNOWLEDGEMENTS

Related

cve 1
nessus 2
prion 1
cvelist 1
nvd 1
openvas 1
cve
cve
CVE-2017-6330
2017-09-13 14:29:00
nessus
nessus
Symantec Encryption Desktop 10.x < 10.4.1 MP2 DoS
2017-09-13 00:00:00
Symantec Encryption Desktop 10.x < 10.4.1 MP2 DoS
2017-09-15 00:00:00
prion
prion
Code injection
2017-09-13 14:29:00
cvelist
cvelist
CVE-2017-6330
2017-09-13 14:00:00
nvd
nvd
CVE-2017-6330
2017-09-13 14:29:00
openvas
openvas
Symantec Encryption Desktop Denial-of-Service Vulnerability - Windows
2017-09-22 00:00:00

EPSS

0.002

Percentile

57.1%

JSON
Related for SMNTC-1414
cve1nessus2prion1cvelist1nvd1openvas1