Vulnerability-Lookup

CNVD-2017-36232

Vulnerability from cnvd - Published: 2017-12-05

Title

Symantec Endpoint Protection权限提升漏洞

Description

Symantec Endpoint Protection是一款企业版病毒防护软件。 SEP 12.1 RU6 MP9之前的Symantec Endpoint Protection存在权限提升漏洞。用户可利用该漏洞越权访问资源。

Severity

中

Patch Name

Symantec Endpoint Protection权限提升漏洞的补丁

Patch Description

Symantec Endpoint Protection是一款企业版病毒防护软件。 SEP 12.1 RU6 MP9之前的Symantec Endpoint Protection存在权限提升漏洞。用户可利用该漏洞越权访问资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-13681

Impacted products

Name
Symantec Endpoint Protection（SEP） <12.1 RU6 MP9

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13681"
    }
  },
  "description": "Symantec Endpoint Protection\u662f\u4e00\u6b3e\u4f01\u4e1a\u7248\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nSEP 12.1 RU6 MP9\u4e4b\u524d\u7684Symantec Endpoint Protection\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8d8a\u6743\u8bbf\u95ee\u8d44\u6e90\u3002",
  "discovererName": "Matthieu Buffet on behalf of ANSSI.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36232",
  "openTime": "2017-12-05",
  "patchDescription": "Symantec Endpoint Protection\u662f\u4e00\u6b3e\u4f01\u4e1a\u7248\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nSEP 12.1 RU6 MP9\u4e4b\u524d\u7684Symantec Endpoint Protection\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8d8a\u6743\u8bbf\u95ee\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Endpoint Protection\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Symantec Endpoint Protection\uff08SEP\uff09 \u003c12.1 RU6 MP9"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13681",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-07",
  "title": "Symantec Endpoint Protection\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-13681 (GCVE-0-2017-13681)

Vulnerability from cvelistv5 – Published: 2017-11-06 23:00 – Updated: 2024-09-16 23:16

Summary

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

Severity ?

No CVSS data available.

CWE

Privilege Escalation

Assigner

symantec

References

URL

Tags

	http://www.securitytracker.com/id/1039775	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/101504	vdb-entryx_refsource_BID
	https://www.symantec.com/security_response/securi…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Symantec Corporation	Symantec Endpoint Protection	Affected: Prior to SEP 12.1 RU6 MP9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:19.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039775",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039775"
          },
          {
            "name": "101504",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Symantec Endpoint Protection",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to SEP 12.1 RU6 MP9"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "1039775",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039775"
        },
        {
          "name": "101504",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2017-11-06T00:00:00",
          "ID": "CVE-2017-13681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Symantec Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to SEP 12.1 RU6 MP9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039775",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039775"
            },
            {
              "name": "101504",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101504"
            },
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171106_00"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2017-13681",
    "datePublished": "2017-11-06T23:00:00Z",
    "dateReserved": "2017-08-24T00:00:00",
    "dateUpdated": "2024-09-16T23:16:25.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-36232

CVE-2017-13681 (GCVE-0-2017-13681)

Tags

Sightings

Nomenclature