Symantec has released an update to address an issue that was discovered in the Symantec SONAR component.
Component: SONAR Engine
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-12752
|
Prior to 12.0.2
|
Upgrade to 12.0.2
(Note: Live updatable; no action required by customers)
CVE-2019-12752
Severity/CVSSv3:
|
Medium / 6.1 AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
References:
Impact:
|
Security Focus: BID 110611 / NVD: CVE-2019-12752
Tamper Protection Bypass
Description:
|
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system.
This issue has been validated by Symantec engineers. An update for Symantec SONAR, version 12.0.2 has been released to address this issue. Note that this release has already been pushed out automatically via Symantec LiveUpdate; no additional action is required by customers. At this time, Symantec is not aware of any exploitations or adverse customer impact from this issue.
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
component: sonar engine | eq | 1 |