cve-2018-18366
Vulnerability from cvelistv5
Published
2019-04-25 19:13
Modified
2024-08-05 11:08
Severity ?
Summary
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
References
secure@symantec.comhttp://www.securityfocus.com/bid/107994Third Party Advisory, VDB Entry
secure@symantec.comhttps://support.symantec.com/en_US/article.SYMSA1479.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107994Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.symantec.com/en_US/article.SYMSA1479.htmlVendor Advisory
Impacted products
Vendor Product Version
Symantec Corporation Norton Security Version: Prior to 22.16.3
Symantec Corporation SEP (Windows client) Version: Prior to and including 12.1 RU6 MP9
Version: Prior to 14.2 RU1
Symantec Corporation SEP SBE Version: Prior to Cloud Agent 3.00.31.2817
Version: NIS-22.15.2.22
Version: SEP-12.1.7484.7002
Symantec Corporation SEP Cloud Version: Prior to 22.16.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
          },
          {
            "name": "107994",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107994"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Norton Security",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 22.16.3"
            }
          ]
        },
        {
          "product": "SEP (Windows client)",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to and including 12.1 RU6 MP9"
            },
            {
              "status": "affected",
              "version": "Prior to 14.2 RU1"
            }
          ]
        },
        {
          "product": "SEP SBE",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to Cloud Agent 3.00.31.2817"
            },
            {
              "status": "affected",
              "version": "NIS-22.15.2.22"
            },
            {
              "status": "affected",
              "version": "SEP-12.1.7484.7002"
            }
          ]
        },
        {
          "product": "SEP Cloud",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 22.16.3"
            }
          ]
        }
      ],
      "datePublic": "2019-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Kernel memory disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T19:13:05",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
        },
        {
          "name": "107994",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107994"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2018-18366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Norton Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 22.16.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SEP (Windows client)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to and including 12.1 RU6 MP9"
                          },
                          {
                            "version_value": "Prior to 14.2 RU1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SEP SBE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to Cloud Agent 3.00.31.2817"
                          },
                          {
                            "version_value": "NIS-22.15.2.22"
                          },
                          {
                            "version_value": "SEP-12.1.7484.7002"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SEP Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 22.16.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Kernel memory disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
              "refsource": "CONFIRM",
              "url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
            },
            {
              "name": "107994",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107994"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2018-18366",
    "datePublished": "2019-04-25T19:13:05",
    "dateReserved": "2018-10-15T00:00:00",
    "dateUpdated": "2024-08-05T11:08:21.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"D5DDAD68-240B-4369-8D7D-B10239C54747\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"3D9F3D24-2F6B-4DBB-9BAD-B675F531B9C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"69DA24CB-9464-4DBA-9757-CBF3253D324C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:windows:*:*\", \"matchCriteriaId\": \"5708D207-5F1E-4CC5-89B0-9872F8021736\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:windows:*:*\", \"matchCriteriaId\": \"DA616B75-7FAA-4DFF-9E3C-9BF05D90C4AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"F728FD54-72A2-4C64-8EBA-AB516AFEB930\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:windows:*:*\", \"matchCriteriaId\": \"C7D78695-4229-4163-A937-30B0FB97568A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:windows:*:*\", \"matchCriteriaId\": \"665E9936-F11A-47C2-9919-7B9F236ED003\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"5EA8075B-DF2C-4A6C-B30D-405196C0E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"506BD1F7-0B85-4DD2-A56B-6D84ECC1598B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:windows:*:*\", \"matchCriteriaId\": \"46D9A4AF-B880-4AA3-B5A9-FB2F67AD8CDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:windows:*:*\", \"matchCriteriaId\": \"56382DCA-103C-4833-A950-6DB90102F208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E0591908-0AD7-4DE6-B28D-DFA9CA6C29A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"85E4AE96-9917-4674-B08D-B8B5DEADB58D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E5DB21D2-0ACD-468B-8144-10FCD7DCB428\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E9AD8898-62A9-40D1-9FA2-D980D5BB41DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:windows:*:*\", \"matchCriteriaId\": \"FC5F57A5-EAE3-4553-98C1-38C11C04D178\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:windows:*:*\", \"matchCriteriaId\": \"76D3A7B5-3151-4442-B256-A60BC5A7915E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"CD6A8A38-4199-4E73-894F-BA388FCA20EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"BF0DBAF4-95F3-4AA9-B9E6-4E9D9EEC56EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"04378076-3B34-4F9F-AFE3-F740D6770C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"63A3DDBE-9B09-44E3-A899-6F0C9C88CDC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"BD6EA05C-1748-4143-93A9-8CE5B336EA21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:windows:*:*\", \"matchCriteriaId\": \"505C8AD8-E527-49F9-96AE-B9DAE32A634B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E07ABDF7-6A4D-4CB1-8CA1-1708F25B89B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"8941F807-54BA-491B-B001-EC37843BAAB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:windows:*:*\", \"matchCriteriaId\": \"29A8D0C5-9389-4340-879A-033ED39D6A5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:windows:*:*\", \"matchCriteriaId\": \"BA24E896-329C-41DC-AF82-50D8479DE874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:windows:*:*\", \"matchCriteriaId\": \"3C615B28-E03C-4DDC-A669-BADE920C0213\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E63D215D-0861-4128-9CDC-03ACF0B7BDFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E5810456-C8B7-4716-8836-8C23CF0D8503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"C9FEE5B1-CBF7-491E-B818-360C70EE6E1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:windows:*:*\", \"matchCriteriaId\": \"931383D4-DE13-4E90-B9D3-EDAA157E9A0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"3C10597C-BC98-46DF-A264-C6F782E22256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:windows:*:*\", \"matchCriteriaId\": \"8FB5E6EE-0336-4C51-A348-DF6669D424F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:windows:*:*\", \"matchCriteriaId\": \"DCBEC4B9-10F8-48B8-BE07-9646F4D15CF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:windows:*:*\", \"matchCriteriaId\": \"F7F7472F-8126-420C-B04E-112A01865804\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:windows:*:*\", \"matchCriteriaId\": \"309BB292-60D3-4D6A-A9EB-B1741A202162\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:windows:*:*\", \"matchCriteriaId\": \"57354358-0C2D-4DE4-BE79-1EA80A20517C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:windows:*:*\", \"matchCriteriaId\": \"737E64E5-3F7B-4C5D-B1AB-54241D9C8852\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"DD3E3D04-80C5-46B6-A1AC-EF0AA15F9CB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"FE526090-27CE-4CA8-84FD-37973B75BE28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"4853BEBB-F207-489E-ABEB-AE2A8AEC2086\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E86D69CD-40A6-4F8E-8B07-41D6E3B8FD32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"4C30BA87-1FD2-4CBE-AC8B-AA57B9AA91D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:windows:*:*\", \"matchCriteriaId\": \"F3A02563-3A73-44E9-8169-5904B93CEB12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"D088B925-70DF-4CA1-B840-81C10F52049A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:windows:*:*\", \"matchCriteriaId\": \"901E887F-74DA-457B-A124-F3692CE76209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22:*:*:*:small_business:*:*:*\", \"matchCriteriaId\": \"F562DF12-99D5-4111-9CD6-D1E5B7920225\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002:*:*:*:small_business:*:*:*\", \"matchCriteriaId\": \"33FAAF42-04C9-430C-8C9A-F707AB6B469C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.16.3\", \"matchCriteriaId\": \"31AFAAF0-ED33-4C9E-9708-456766A8A61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*:*:*:*:small_business:*:*:*\", \"versionEndExcluding\": \"3.00.31.2817\", \"matchCriteriaId\": \"5B36DE59-81E1-4800-96CB-C9281C15E2F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_security:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"22.16.3\", \"matchCriteriaId\": \"C5C50AD8-9816-4DDE-B8A7-1243BF2E56BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.\"}, {\"lang\": \"es\", \"value\": \"Symantec Norton Security, versiones anteriores a 22.16.3, SEP (cliente Windows) versiones anteriores e incluyendo a 12.1 RU6 MP9 y anteriores a 14.2 RU1, SEP SBE anteriores a Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 y SEP Cloud en versiones anteriores a 22.16.3 pueden ser susceptibles a una revelaci\\u00f3n de la memoria del n\\u00facleo, que es un tipo de problema en el que una petici\\u00f3n IRP especialmente dise\\u00f1ada puede hacer que el controlador devuelva la memoria no inicializada.\"}]",
      "id": "CVE-2018-18366",
      "lastModified": "2024-11-21T03:55:48.100",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-25T20:29:02.177",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/107994\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.symantec.com/en_US/article.SYMSA1479.html\", \"source\": \"secure@symantec.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.symantec.com/en_US/article.SYMSA1479.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-18366\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2019-04-25T20:29:02.177\",\"lastModified\":\"2024-11-21T03:55:48.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.\"},{\"lang\":\"es\",\"value\":\"Symantec Norton Security, versiones anteriores a 22.16.3, SEP (cliente Windows) versiones anteriores e incluyendo a 12.1 RU6 MP9 y anteriores a 14.2 RU1, SEP SBE anteriores a Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 y SEP Cloud en versiones anteriores a 22.16.3 pueden ser susceptibles a una revelaci\u00f3n de la memoria del n\u00facleo, que es un tipo de problema en el que una petici\u00f3n IRP especialmente dise\u00f1ada puede hacer que el controlador devuelva la memoria no inicializada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D5DDAD68-240B-4369-8D7D-B10239C54747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3D9F3D24-2F6B-4DBB-9BAD-B675F531B9C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"69DA24CB-9464-4DBA-9757-CBF3253D324C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"5708D207-5F1E-4CC5-89B0-9872F8021736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:windows:*:*\",\"matchCriteriaId\":\"DA616B75-7FAA-4DFF-9E3C-9BF05D90C4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F728FD54-72A2-4C64-8EBA-AB516AFEB930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C7D78695-4229-4163-A937-30B0FB97568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:windows:*:*\",\"matchCriteriaId\":\"665E9936-F11A-47C2-9919-7B9F236ED003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"5EA8075B-DF2C-4A6C-B30D-405196C0E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"506BD1F7-0B85-4DD2-A56B-6D84ECC1598B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"46D9A4AF-B880-4AA3-B5A9-FB2F67AD8CDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:windows:*:*\",\"matchCriteriaId\":\"56382DCA-103C-4833-A950-6DB90102F208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E0591908-0AD7-4DE6-B28D-DFA9CA6C29A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"85E4AE96-9917-4674-B08D-B8B5DEADB58D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E5DB21D2-0ACD-468B-8144-10FCD7DCB428\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E9AD8898-62A9-40D1-9FA2-D980D5BB41DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:windows:*:*\",\"matchCriteriaId\":\"FC5F57A5-EAE3-4553-98C1-38C11C04D178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"76D3A7B5-3151-4442-B256-A60BC5A7915E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"CD6A8A38-4199-4E73-894F-BA388FCA20EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BF0DBAF4-95F3-4AA9-B9E6-4E9D9EEC56EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"04378076-3B34-4F9F-AFE3-F740D6770C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"63A3DDBE-9B09-44E3-A899-6F0C9C88CDC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BD6EA05C-1748-4143-93A9-8CE5B336EA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"505C8AD8-E527-49F9-96AE-B9DAE32A634B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E07ABDF7-6A4D-4CB1-8CA1-1708F25B89B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"8941F807-54BA-491B-B001-EC37843BAAB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:windows:*:*\",\"matchCriteriaId\":\"29A8D0C5-9389-4340-879A-033ED39D6A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BA24E896-329C-41DC-AF82-50D8479DE874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3C615B28-E03C-4DDC-A669-BADE920C0213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E63D215D-0861-4128-9CDC-03ACF0B7BDFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E5810456-C8B7-4716-8836-8C23CF0D8503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C9FEE5B1-CBF7-491E-B818-360C70EE6E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:windows:*:*\",\"matchCriteriaId\":\"931383D4-DE13-4E90-B9D3-EDAA157E9A0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3C10597C-BC98-46DF-A264-C6F782E22256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"8FB5E6EE-0336-4C51-A348-DF6669D424F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:windows:*:*\",\"matchCriteriaId\":\"DCBEC4B9-10F8-48B8-BE07-9646F4D15CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F7F7472F-8126-420C-B04E-112A01865804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:windows:*:*\",\"matchCriteriaId\":\"309BB292-60D3-4D6A-A9EB-B1741A202162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:windows:*:*\",\"matchCriteriaId\":\"57354358-0C2D-4DE4-BE79-1EA80A20517C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:windows:*:*\",\"matchCriteriaId\":\"737E64E5-3F7B-4C5D-B1AB-54241D9C8852\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"DD3E3D04-80C5-46B6-A1AC-EF0AA15F9CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"FE526090-27CE-4CA8-84FD-37973B75BE28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4853BEBB-F207-489E-ABEB-AE2A8AEC2086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E86D69CD-40A6-4F8E-8B07-41D6E3B8FD32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4C30BA87-1FD2-4CBE-AC8B-AA57B9AA91D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F3A02563-3A73-44E9-8169-5904B93CEB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D088B925-70DF-4CA1-B840-81C10F52049A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"901E887F-74DA-457B-A124-F3692CE76209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22:*:*:*:small_business:*:*:*\",\"matchCriteriaId\":\"F562DF12-99D5-4111-9CD6-D1E5B7920225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002:*:*:*:small_business:*:*:*\",\"matchCriteriaId\":\"33FAAF42-04C9-430C-8C9A-F707AB6B469C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.16.3\",\"matchCriteriaId\":\"31AFAAF0-ED33-4C9E-9708-456766A8A61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*:*:*:*:small_business:*:*:*\",\"versionEndExcluding\":\"3.00.31.2817\",\"matchCriteriaId\":\"5B36DE59-81E1-4800-96CB-C9281C15E2F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_security:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"22.16.3\",\"matchCriteriaId\":\"C5C50AD8-9816-4DDE-B8A7-1243BF2E56BF\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107994\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1479.html\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1479.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.