cnvd - cnvd-2018-00542

CNVD-2018-00542

Vulnerability from cnvd - Published: 2018-01-09

Title

Symantec Norton Family Android App信息泄露漏洞

Description

Symantec Norton Family Android App是美国赛门铁克（Symantec）公司的一款基于Android平台的家长控制上网应用程序。 Symantec Norton Family Android App 4.4.1.10之前的版本中存在信息泄露漏洞。攻击者可利用该漏洞获取信息。

Severity

低

Patch Name

Symantec Norton Family Android App信息泄露漏洞的补丁

Patch Description

Symantec Norton Family Android App是美国赛门铁克（Symantec）公司的一款基于Android平台的家长控制上网应用程序。 Symantec Norton Family Android App 4.4.1.10之前的版本中存在信息泄露漏洞。攻击者可利用该漏洞获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00

Reference

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00

Impacted products

Name
Symantec Norton Family Android App <4.4.1.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102120"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15530",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15530"
    }
  },
  "description": "Symantec Norton Family Android App\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u5bb6\u957f\u63a7\u5236\u4e0a\u7f51\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSymantec Norton Family Android App 4.4.1.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "Kai Kunschke",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00542",
  "openTime": "2018-01-09",
  "patchDescription": "Symantec Norton Family Android App\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u5bb6\u957f\u63a7\u5236\u4e0a\u7f51\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSymantec Norton Family Android App 4.4.1.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Norton Family Android App\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Symantec Norton Family Android App \u003c4.4.1.10"
  },
  "referenceLink": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00",
  "serverity": "\u4f4e",
  "submitTime": "2017-12-15",
  "title": "Symantec Norton Family Android App\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-15530 (GCVE-0-2017-15530)

Vulnerability from cvelistv5 – Published: 2017-12-13 19:00 – Updated: 2024-09-16 19:36

Summary

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.

Severity ?

No CVSS data available.

CWE

Information disclosure

Assigner

symantec

References

URL

Tags

	https://www.symantec.com/security_response/securi…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102120	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Symantec Corporation	Norton Family Android App	Affected: Prior to 4.4.1.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:57:26.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00"
          },
          {
            "name": "102120",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Norton Family Android App",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 4.4.1.10"
            }
          ]
        }
      ],
      "datePublic": "2017-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00"
        },
        {
          "name": "102120",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2017-12-13T00:00:00",
          "ID": "CVE-2017-15530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Norton Family Android App",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 4.4.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00"
            },
            {
              "name": "102120",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2017-15530",
    "datePublished": "2017-12-13T19:00:00Z",
    "dateReserved": "2017-10-17T00:00:00",
    "dateUpdated": "2024-09-16T19:36:32.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-00542

CVE-2017-15530 (GCVE-0-2017-15530)

Tags

Sightings

Nomenclature