8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Symantec Network Protection products using affected versions of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker can cause denial of service through resource exhaustion and memory corruption. A local attacker can escalate their privileges on the system.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 2.3 | Upgrade to a later version with fixes.
2.4, 3.0 | Not available at this time
3.1 | Not vulnerable, fixed in 3.1.0.0.
CVE |Supported Version(s)|Remediation
CVE-2019-11478, CVE-2019-11479 | 6.1 | Upgrade to a version of MC with the fixes.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 1.1 | Upgrade to a version of CAS and SMG with the fixes.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 4.2 | Upgrade to a version of Content Analysis with fixes.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 2.4 and earlier | Upgrade to a later version with fixes.
3.0 | Not vulnerable, fixed in 3.0.1.1
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 10.3, 10.4 | Upgrade to later version with fixes.
10.5 | Not vulnerable, fixed
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 7.2, 7.3, 8.0 | Upgrade to later version with fixes.
8.1 | Not vulnerable, fixed.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 3.10, 3.12, 5.0 | Upgrade to later version with fixes.
4.4 | Upgrade to 4.4.5.1.
4.5 | Not vulnerable, fixed in 4.5.1.1.
5.2 | Not vulnerable, fixed in 5.2.1.1.
CVE |Supported Version(s)|Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479 | 1.12 | Upgrade to 1.12.21+433.
1.13 and later | Not vulnerable, fixed.
CVE |Supported Version(s)|Remediation
CVE-2019-11477 | 10.0 | Not vulnerable
11.0 | A fix will not be provided.
CVE-2019-11478, CVE-2019-11479,
CVE-2019-11815 | 10.0, 11.0 | A fix will not be provided.
The following products are not vulnerable:
Advanced Secure Gateway
AuthConnector
BCAAA
CacheFlow (CF)
Cloud Data Protection (CDP) for Salesforce
Cloud Data Protection (CDP) for ServiceNow
Cloud Data Protection (CDP) for Oracle CRM on Demand
Cloud Data Protection (CDP) Communication Server
Cloud Data Protection (CDP) Integration Server
General Auth Connector Login Application
PacketShaper (PS)
PolicyCenter (PC)
ProxyAV
ProxyAV ConLog and ConLogXP
ProxySG
Symantec HSM Agent for the Luna SP
Unified Agent (UA)
WSS Agent (WSSA)
WSS Mobile Agent
Severity / CVSSv3 | High / 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) References| SecurityFocus: BID 108283 / NVD: CVE-2019-11815 Impact| Denial of service, privilege escalation Description | A user-after-free flaw in the RDS over TCP implementation allows a remote attacker to corrupt the target’s memory or a local attacker to escalate their privileges on the system.
Severity / CVSSv3 | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) References| SecurityFocus: BID 108801 / NVD: CVE-2019-11477 Impact| Denial of service Description | An integer overflow flag in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service through memory corruption.
Severity / CVSSv3 | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) References| SecurityFocus: BID 108798 / NVD: CVE-2019-11478 Impact| Denial of service Description | An excessive resource consumption flaw in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service.
Severity / CVSSv3 | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) References| SecurityFocus: BID 108818 / NVD: CVE-2019-11479 Impact| Denial of service Description | An excessive resource consumption flaw in TCP processing allows a remote attacker to send network traffic with low MSS on a TCP connection and cause denial of service.
[NFLX-2019-001] Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities - <https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>
2021-10-01 A fix for SSLV 4.4 is available in 4.4.5.1. SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1.
2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-06-07 A fix for SSLV 5.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. SSLV 5.2 is not vulnerable because a fix is available in 5.2.1.1.
2021-02-18 A fix for CA 2.3 and MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-12 Content Analysis 3.1 is not vulnerable because a fix is available in 3.1.0.0.
2020-08-19 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-04-05 Content Analysis 3.0 and Management Center 2.4 are vulnerable to CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. A fix will not be provided for Management Center 2.2, Reporter 10.3, and SSL Visibility 4.4. Please upgrade to a later version with the vulnerability fixes. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Security Analytics 8.1 is not vulnerable because a fix is available in 8.1.1. X-Series XOS 10.0 and 11.0 are vulnerable to CVE-2019-11815.
2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes.
2020-01-26 MC 2.4 is vulnerable to CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.
2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes.
2019-10-07 WI 1.13 is not vulnerable.
2019-09-26 Advanced Secure Gateway (ASG) is not vulnerable.
2019-09-05 initial public release
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C