Symantec has released a set of updates to address three issues in the Symantec Endpoint Protection (SEP) product.
Symantec Endpoint Protection (SEP) | CVE-2017-13681 | Prior to 12.1 RU6 MP9 | Upgrade to 12.1 RU6 MP9
Symantec Endpoint Protection (SEP) | CVE-2017-13680 | Prior to 12.1 RU6 MP9 & 14 RU1 | Upgrade to 12.1 RU6 MP9 & 14 RU1
Symantec Endpoint Protection (SEP) | CVE-2017-6331 | Prior to 12.1.X | Upgrade to 14 RU1
CVE-2017-13681
Severity/CVSSv3: High / 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
References: Securityfocus: BID 101504 / NVD: CVE-2017-13681
Impact: Privilege escalation
Description: The Symantec Endpoint Protection Windows endpoint could be susceptible to a privilege escalation vulnerability, a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In this case, exploitation is limited by the need to perform multiple file and directory writes to the local filesystem and as such is not feasible in a standard drive-by type attack.
CVE-2017-13680
Severity/CVSSv3: Medium / 6.5 (AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
References: Securityfocus: BID 101503 / NVD: CVE-2017-13680
Impact: Arbitrary file deletion
Description: The Symantec Endpoint Protection Windows endpoint can encounter a situation in which an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
CVE-2017-6331
Severity/CVSSv3: Low / 2.8 (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
References: Securityfocus: BID 101502 / NVD: CVE-2017-6331
Impact: Tamper protection bypass
Description: The Symantec Endpoint Protection Windows endpoint can encounter a Tamper Protection bypass, a type of attack that bypasses the real-time protection for the application that is run on servers and clients. Tamper Protection protects Symantec processes and internal objects from attacks by non-Symantec processes such as worms, Trojan horses, viruses, and security risks. Note that in this circumstance, the tamper-protection bypass only allows altering a small amount of text in one element of the UI.
The issues listed above were validated by the product team engineers. A set of Symantec Endpoint Protection updates, versions SEP 12.1 RU6 MP9 and SEP 14 RU1, has been released to address them. Please ensure you apply the necessary patches and upgrades accordingly. Symantec Endpoint Protection's latest releases are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.
Note1: For customers running SEP 14, SEP 14 MP1 or SEP 14 MP2, only the low and medium severity issues articulated in the aforementioned advisory details affect the updated SEP 14 product line. The high severity issue does not impact any instances of SEP 14.
Note2: The aforementioned vulnerabilities only pertain to the SEP client. The SEPM manager is not affected.
Best Practices
Symantec recommends the following measures to reduce risk of attack:
- Minor edit on Nov 6th, 2017
- Added details on specific SEP endpoints
- Minor edit to adjust finder contact details