fkie_cve-2016-9093
Vulnerability from fkie_nvd
Published
2018-04-16 19:29
Modified
2024-11-21 03:00
Severity ?
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.
References
secure@symantec.comhttp://www.securityfocus.com/bid/96294Third Party Advisory, VDB Entry
secure@symantec.comhttp://www.securitytracker.com/id/1037961Third Party Advisory, VDB Entry
secure@symantec.comhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96294Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037961Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00Vendor Advisory
Impacted products
Vendor Product Version
symantec endpoint_protection *
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6
symantec endpoint_protection 12.1.6


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "930EF2D4-C3F1-4A86-BD34-FE228D66BF05",
                     versionEndIncluding: "12.1.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
                     matchCriteriaId: "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
                     matchCriteriaId: "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
                     matchCriteriaId: "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
                     matchCriteriaId: "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
                     matchCriteriaId: "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp5:*:*:*:*:*:*",
                     matchCriteriaId: "D72DE621-13F0-4794-AF17-98D331B9F647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp6:*:*:*:*:*:*",
                     matchCriteriaId: "8B93AD9D-B760-4E16-823F-F2D2D4E34F24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.",
      },
      {
         lang: "es",
         value: "Una versión del controlador SymEvent que se distribuye con Symantec Endpoint Protection 12.1 RU6 MP6 y anteriores no sanea correctamente las entradas de un usuario que haya iniciado sesión. SEP 14.0 y siguientes no se ha visto afectado por este problema. Un usuario no administrativo tendría que ser capaz de guardar un archivo ejecutable en el disco y, después, ejecutarlo con éxito. Si se construye correctamente, el archivo podría acceder a la interfaz del controlador y manipular ciertas llamadas del sistema. En todos los sistemas de 32 bits y, en la mayoría de casos, en sistemas de 64 bits, esto resultará en una denegación de servicio (DoS) que provocará el cierre inesperado del sistema. En circunstancias muy concretas, y solo en sistemas de 64 bits, esto podría permitir que el usuario ejecute código arbitrario en la máquina local con privilegios de nivel de kernel. Esto podría resultar en que un usuario no privilegiado obtenga acceso privilegiado en la máquina local.",
      },
   ],
   id: "CVE-2016-9093",
   lastModified: "2024-11-21T03:00:35.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-16T19:29:00.247",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96294",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037961",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037961",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.