Privilege Escalation in Symantec Endpoint Encryption Affects Security Management
CVE-2017-15526

6.8MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Symantec Endpoint Encryption
Vendor: CVE Published:; 13 November 2017

🔔 Create Symantec Corporation Vulnerability Alert

What is CVE-2017-15526?

The Symantec Endpoint Encryption product versions before 11.1.3MP1 are affected by a null pointer de-reference issue, which may lead to a NullPointerException. This error can be exploited, resulting in a privilege escalation scenario, potentially allowing unauthorized access or control over the system. It is essential for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Symantec Endpoint Encryption Prior to SEE v11.1.3MP1

References

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101698

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2017
Vulnerability Reserved
Oct 17, 2017