Multiple vulnerabilities in Symantec Endpoint Protection and Symantec Endpoint Protection Manager
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-5833 CVE-2020-5834 CVE-2020-5835 CVE-2020-5836 CVE-2020-5837 |
| CWE-ID | CWE-125 CWE-22 CWE-362 CWE-284 CWE-61 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
Symantec Endpoint Protection Manager Client/Desktop applications / Antivirus software/Personal firewalls Symantec Endpoint Protection Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Broadcom |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU27692
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5833
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1
External linkshttp://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU27693
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5834
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1
External linkshttp://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU27694
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5835
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection Manager: 14.0.0 MP2 - 14.2 RU2 MP1
External linkshttp://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU27695
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5836
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system
The vulnerability exists due to application can reset ACL for files as a limited user, when the Symantec Endpoint Protection's Tamper Protection feature is disabled. As a result, a local user can elevate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14 MP1 - 14.2 RU2 MP1
External linkshttp://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) UNIX symbolic link following
EUVDB-ID: #VU27696
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-5837
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when writing to log files. A local user can create a symbolic link to a critical file on the system and overwrite it.
Successful exploitation of the vulnerability may lead to privilege escalation. MitigationInstall updates from vendor's website.
Vulnerable software versionsSymantec Endpoint Protection: 14 MP1 - 14.2 RU2 MP1
External linkshttp://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
