Privilege Escalation Vulnerability in Symantec Endpoint Protection
CVE-2017-13681

7.8HIGH

Key Information:

Vendor

Symantec Corporation

Status
Symantec Endpoint Protection
Vendor
CVE Published:
6 November 2017

What is CVE-2017-13681?

Certain versions of Symantec Endpoint Protection are exposed to a privilege escalation vulnerability that may allow an unauthorized user to gain elevated access to resources that should be protected at lower access levels. This vulnerability requires multiple file and directory writes to the local filesystem for exploitation, making it less likely to be exploited through standard attack vectors such as drive-by downloads. It is crucial for organizations using affected versions to apply the latest updates to mitigate potential risks.

Affected Version(s)

Symantec Endpoint Protection Prior to SEP 12.1 RU6 MP9

References

http://www.securitytracker.com/id/1039775
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101504
vdb-entryx_refsource_BID
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.