Privilege Escalation Vulnerability in Symantec IT Management Suite and Encryption Products
CVE-2016-6590

7.8HIGH

Key Information:

Vendor
Symantec
Status
It Management Suite
Ghost Solution Suite
Symantec Endpoint Virtualization
Encryption Desktop
Vendor
CVE Published:
8 January 2020

Summary

A vulnerability exists in certain Symantec products that enables a local malicious user to execute arbitrary code due to improper handling of DLL files during system boot and reboot processes. This affects multiple versions of Symantec IT Management Suite, Ghost Solution Suite, Endpoint Virtualization, and Encryption Desktop, creating significant security risks for enterprise environments relying on these solutions. It is essential for users to apply the appropriate patches or updates to safeguard against potential exploitation.

Affected Version(s)

Encryption Desktop 0.x prior to 10.4.1

Encryption Desktop = n/a

Ghost Solution Suite 3.1 prior to 3.1 MP4

References

http://www.securityfocus.com/bid/94279
x_refsource_MISC
http://www.securitytracker.com/id/1037302
x_refsource_MISC
https://support.symantec.com/us/en/article.symsa1385.html
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.