Symantec has released an update to address an issue that was discovered in the Critical System Protection (CSP) product.
Critical System Protection (CSP)
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-18374
|
8.0, 8.0 HF1 & 8.0 MP1
|
Upgrade to 8.0 MP1 HF1
CVE-2019-18374
Severity/CVSSv3:
|
Critical / 9.4. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
References:
Impact:
|
Security Focus: BID 110877 / NVD: CVE-2019-18374
Authentication Bypass
Description:
|
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.
A Critical System Protection update, version 8.0 MP1 HF1, has been released which addresses the aforementioned issue. Note that the latest Critical System Protection releases and patches are available to customers through normal support channels. Symantec has also created additional detections and protections which are in place and is continuing to monitor any attempts of this exploit against our products. At this time, there is no evidence of any attempts at this exploit in the wild.
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
critical system protection (csp) | eq | 8 | |
critical system protection (csp) | eq | 8 |