Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2019-12758 CVE-2019-12756 CVE-2019-18372 CVE-2019-12759 CVE-2019-12757 |
CWE-ID | CWE-693 CWE-287 CWE-264 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software |
Symantec Endpoint Protection | Client/Desktop applications / Antivirus software/Personal firewalls |
Symantec Endpoint Protection Manager | Client/Desktop applications / Antivirus software/Personal firewalls |
Symantec Endpoint Protection Small Business Edition | Client/Desktop applications / Antivirus software/Personal firewalls |
Symantec Mail Security for Microsoft Exchange (SMSMSE) | Server applications / IDS/IPS systems, Firewalls and proxy servers |
Vendor | Broadcom |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU22816
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-12758
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists because the application does not check digital signatures when loading the "c:\Windows\SysWOW64\wbem\DSPARSE.dll" file, which is not present on the system by default. A local administrator can place a malicious "DSPARSE.dll" and gain elevated privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Symantec Endpoint Protection: 11 MR1 - 14.2
http://support.symantec.com/us/en/article.SYMSA1488.html
http://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
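For CVE-2019-12758, a defender can check whether a file exists at the path named in the description and record its signature state for triage. The PowerShell below is an added example, not part of the bulletin or of vendor guidance; the function name Get-DsparseFinding and the verdict strings are hypothetical.

```powershell
# Added example: audit the DLL path named in the CVE-2019-12758 description.
# Assumption (from the bulletin): the file is not present on a default system,
# so any copy found at this path should be reviewed.
$target = Join-Path $env:windir 'SysWOW64\wbem\DSPARSE.dll'

function Get-DsparseFinding {
    param([Parameter(Mandatory)][string]$Path)

    # Expected state: the file does not exist.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path    = $Path
            Present = $false
            Verdict = 'OK: file not present'
        }
    }

    # File exists: collect the facts an analyst needs for triage.
    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $acl  = Get-Acl -LiteralPath $Path

    # A valid signature still warrants review, since the file is unexpected here;
    # anything other than Valid (NotSigned, HashMismatch, ...) is escalated.
    $verdict = if ($sig.Status -eq 'Valid') {
        'REVIEW: unexpected file, signature valid'
    } else {
        "ALERT: unexpected file, signature status $($sig.Status)"
    }

    [pscustomobject]@{
        Path            = $Path
        Present         = $true
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject   # empty when unsigned
        SHA256          = $hash.Hash
        Owner           = $acl.Owner
        CreatedUtc      = $item.CreationTimeUtc
        LastWriteUtc    = $item.LastWriteTimeUtc
        Verdict         = $verdict
    }
}

Get-DsparseFinding -Path $target | Format-List
```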
EUVDB-ID: #VU22820
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-12756
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to a password protection bypass. A local administrator can bypass the secondary layer of password protection and gain unauthorized access to the application.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Symantec Endpoint Protection: 11 MR1 - 14.2 RU1
http://support.symantec.com/us/en/article.SYMSA1488.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22819
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-18372
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Symantec Endpoint Protection: 11 MR1 - 14.2
http://support.symantec.com/us/en/article.SYMSA1488.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22818
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-12759
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Symantec Mail Security for Microsoft Exchange (SMSMSE): 7.5 - 7.5.6
Symantec Endpoint Protection Manager: 12.1 RU2 - 14.2 RU1
http://support.symantec.com/us/en/article.SYMSA1488.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22817
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-12757
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permission checks. A local user can compromise the software application and gain elevated privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Symantec Endpoint Protection: 12.0 RTM - 14.2
Symantec Endpoint Protection Small Business Edition: 12.1.7266.6800 - 12.1.7484.7002
http://support.symantec.com/us/en/article.SYMSA1488.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.