FKIE_CVE-2020-5825
Vulnerability from fkie_nvd - Published: 2020-02-11 18:15 - Updated: 2024-11-21 05:34
Severity ?
Summary
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FF3B36FF-5C26-4565-A23A-789D1158B867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "C5DCB89C-80FD-45FE-AD93-6192A53B7563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:*:*:*",
"matchCriteriaId": "06401D10-3664-4070-B2DB-232474264D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:*:*:*",
"matchCriteriaId": "2AD1793E-2D25-41F4-9E99-D0FC7A4F1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:*:*:*",
"matchCriteriaId": "924E3111-CF09-43A8-96C9-A617FD839897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp1a:*:*:*:*:*:*",
"matchCriteriaId": "922A551D-0624-422F-ABB7-44168A985D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:*:*:*",
"matchCriteriaId": "89252C37-555E-4B73-95B5-6D8827F679CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*",
"matchCriteriaId": "F9E055CC-55A9-4F52-BBC5-53126A581D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*",
"matchCriteriaId": "A1DD0DB8-3108-4A6C-83D4-D1DA9CB1B51F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:*:*:*",
"matchCriteriaId": "0E19B9F1-DDD6-40F0-840C-575DEDCB7416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:*:*:*",
"matchCriteriaId": "C06118E9-B6F8-4DDD-A28F-09FF69C82067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:*:*:*",
"matchCriteriaId": "2FEAD5EE-45BB-4E9C-948D-1B8D695DDF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*",
"matchCriteriaId": "435109B2-F971-4059-8E5C-76C53A161836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:*:*:*",
"matchCriteriaId": "104B1371-BE9C-45F6-9579-0AA9B4097980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:*:*:*",
"matchCriteriaId": "B5A7BFF4-D70C-44B2-BF64-CD655CC7EFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:*:*:*",
"matchCriteriaId": "93A60260-E495-448B-91CA-026E696A67EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp3:*:*:*:*:*:*",
"matchCriteriaId": "D2AA1BA0-F242-4E4E-BE52-003C5617D6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:*:*:*",
"matchCriteriaId": "323F32E0-82FD-4F96-9CED-90D67AFE15FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:*:*:*",
"matchCriteriaId": "6E8B19CE-8C63-4EEB-A6B8-CC46A7CE15F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BD54A6EB-AA9A-4AEF-901A-8108672A0E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:*:*:*",
"matchCriteriaId": "2CB77AE7-55B2-40DC-B860-6AF02E3C1BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-p1:*:*:*:*:*:*",
"matchCriteriaId": "853104E0-92B7-4414-8912-0D8CDBBCF905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:*:*:*",
"matchCriteriaId": "A957A7B6-D107-4784-8948-52317B3552BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:*:*:*",
"matchCriteriaId": "E21ED16B-35C3-4754-94D8-C57F18CC9CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:*:*:*",
"matchCriteriaId": "1F4C3A3A-9D7D-4AFB-B256-99102468843A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:*:*:*",
"matchCriteriaId": "6C1C08C5-4598-42C1-AEDE-EE85D8457175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:*:*:*",
"matchCriteriaId": "66499F19-33EE-4280-9C47-9ECA04EDED1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:*:*:*",
"matchCriteriaId": "640E8481-AB57-470E-BFDC-6DD70A79337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:*:*:*",
"matchCriteriaId": "95E7B32C-6614-44A7-AE9E-4F0D7EBE3559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:*:*:*",
"matchCriteriaId": "1456573A-17DA-4EC5-A7B6-2371574336B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:*:*:*",
"matchCriteriaId": "31E46D5C-65C9-4D36-B230-F3F519C36015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:*:*:*",
"matchCriteriaId": "A72E7D67-F3BD-404A-B9CB-6241AAE1D6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:*:*:*",
"matchCriteriaId": "1FB729C3-FECA-4CA1-8504-7A627EA34219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:*:*:*",
"matchCriteriaId": "8F8781A1-AFF1-4F00-9951-D2EE57F423F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:*:*:*",
"matchCriteriaId": "5C8CC48B-A8BA-471D-8D32-F778F7C29C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:*:*:*",
"matchCriteriaId": "25552D01-9EB4-4DEA-A8FE-618BB01FDDAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:*:*:*",
"matchCriteriaId": "DB283B1A-D3EC-46A6-893F-98F73D325C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:*:*:*",
"matchCriteriaId": "9E0E94AA-26D9-4B14-8C12-ADD7BA262DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:*:*:*",
"matchCriteriaId": "0B8B7847-FCF6-4A46-B515-CE7E5489E1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:*:*:*",
"matchCriteriaId": "FE626FA0-B277-4C6D-B2E9-A3DDD31D0E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp9:*:*:*:*:*:*",
"matchCriteriaId": "AE01DAE4-7B10-4A1C-9401-769A1E72EBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C0592370-C2A7-459C-9A0D-16D180D1FA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "E8D921D0-9739-4A1D-82BC-7DC6C71BCBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:*:*:*",
"matchCriteriaId": "19F9E1C6-D313-405C-BB84-59101D76897B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7D5D05E3-D07F-495F-AF55-C6F43EA43524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:*:*:*",
"matchCriteriaId": "33856A4A-9208-4197-A3CA-42BEC64113A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:*:*:*",
"matchCriteriaId": "DEA0F4D4-EF6A-49F9-A1ED-51F654159E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EC76BE02-C247-4929-8C0F-D3931E34E59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:*:*:*",
"matchCriteriaId": "8B72B183-77B9-4C71-9851-5C370291B575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:ru1:*:*:*:*:*:*",
"matchCriteriaId": "C1DD3F0E-48D3-46E8-9A01-6EC4D7B3A4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:ru1_mp1:*:*:*:*:*:*",
"matchCriteriaId": "8239F4B8-F138-4A11-AE6F-28E2A095CEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:ru2:*:*:*:*:*:*",
"matchCriteriaId": "055D6076-B49D-46C2-893F-EBAB242C5141",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.0:rtm:*:*:small_business:*:*:*",
"matchCriteriaId": "23705BED-9C3C-4061-95DD-12B2181C4EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.0:ru1:*:*:small_business:*:*:*",
"matchCriteriaId": "68BFC5D3-BAEA-4865-AB30-F6613DDF9E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:-:*:*:small_business:*:*:*",
"matchCriteriaId": "160C21AA-9B5A-4ED8-9B5D-79A9E970A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:small_business:*:*:*",
"matchCriteriaId": "27673629-7DC0-410E-8678-3FA2E730A5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:small_business:*:*:*",
"matchCriteriaId": "65EC28FF-C96B-4724-8640-1099E2E2D79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:small_business:*:*:*",
"matchCriteriaId": "6D1E15FA-C164-4466-BA9E-404715DAD0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:small_business:*:*:*",
"matchCriteriaId": "2066F229-8CEA-4D54-899B-530870C4C157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:small_business:*:*:*",
"matchCriteriaId": "CF1813B9-75E3-4A19-A17D-3126FA746A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:small_business:*:*:*",
"matchCriteriaId": "E09FEE8C-9BA3-466E-9F1C-030434D80A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:small_business:*:*:*",
"matchCriteriaId": "BDA598FF-E3A0-475D-B187-2273B3ACF914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:small_business:*:*:*",
"matchCriteriaId": "68BE46F8-65FC-41B8-9ACC-704EFAF6B711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:small_business:*:*:*",
"matchCriteriaId": "AAB2AC19-D271-4C1A-8589-CAFF2775BB60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:small_business:*:*:*",
"matchCriteriaId": "CF7958FD-F9EB-4EE1-A178-32206BB6FE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:small_business:*:*:*",
"matchCriteriaId": "62015923-D616-4789-8A53-76FA5FCDF6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:small_business:*:*:*",
"matchCriteriaId": "44811424-5F88-4E3F-AD79-734CD95FDAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp1:*:*:small_business:*:*:*",
"matchCriteriaId": "A7810328-94AD-4826-874F-D38AAEA21D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp10:*:*:small_business:*:*:*",
"matchCriteriaId": "1A4DDF46-92DA-4EA7-B4D5-68E39E136D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp2:*:*:small_business:*:*:*",
"matchCriteriaId": "C41C3265-E746-4D7B-95E3-A3515EC5F411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp3:*:*:small_business:*:*:*",
"matchCriteriaId": "18823C7F-A44D-4000-82E7-C4D6B9E1CE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp4:*:*:small_business:*:*:*",
"matchCriteriaId": "82567378-2D08-4D8F-8BA5-40F15A7983E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp5:*:*:small_business:*:*:*",
"matchCriteriaId": "2D141281-31B4-41D0-907F-19F0DCFB1494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp6:*:*:small_business:*:*:*",
"matchCriteriaId": "390D774F-A648-47CC-BB9F-BDA4AA0A1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp7:*:*:small_business:*:*:*",
"matchCriteriaId": "309F36B2-9D6E-484A-9FBF-7DF83A58B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp8:*:*:small_business:*:*:*",
"matchCriteriaId": "676C5206-1250-4C6C-A820-9870973DC0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6_mp9:*:*:small_business:*:*:*",
"matchCriteriaId": "DA8E420B-9055-4A63-A89E-A0FA45F93063",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges."
},
{
"lang": "es",
"value": "Symantec Endpoint Protection (SEP) y Symantec Endpoint Protection Small Business Edition (SEP SBE), versiones anteriores a 14.2 RU2 MP1 y versiones anteriores a 14.2.5569.2100 respectivamente, pueden ser susceptibles a una vulnerabilidad de escritura de archivos arbitraria, que es un tipo de problema por el cual un atacante es capaz de sobrescribir archivos existentes sobre el sistema residente sin los privilegios apropiados."
}
],
"id": "CVE-2020-5825",
"lastModified": "2024-11-21T05:34:39.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T18:15:16.997",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1505.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…