Unauthorized File Deletion Vulnerability in Symantec Endpoint Protection
CVE-2017-13680

5.5MEDIUM

Key Information:

Vendor
Symantec Corporation
Status
Symantec Endpoint Protection
Vendor
CVE Published:
6 November 2017

Summary

Prior to specific updates, Symantec Endpoint Protection for Windows could be exploited through its user interface, allowing attackers to delete files from the system without authorization. This vulnerability could aid malicious actors in compromising the integrity of the file system, leading to potential data loss or unauthorized access to sensitive information. Users are urged to apply the necessary updates to mitigate this risk.

Affected Version(s)

Symantec Endpoint Protection Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1

References

http://www.securityfocus.com/bid/101503
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039775
vdb-entryx_refsource_SECTRACK
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.