Privilege Escalation in Symantec Endpoint Encryption Affects Security Management
CVE-2017-15526

6.8MEDIUM

Key Information:

Vendor
CVE Published:
13 November 2017

What is CVE-2017-15526?

The Symantec Endpoint Encryption product versions before 11.1.3MP1 are affected by a null pointer de-reference issue, which may lead to a NullPointerException. This error can be exploited, resulting in a privilege escalation scenario, potentially allowing unauthorized access or control over the system. It is essential for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Symantec Endpoint Encryption Prior to SEE v11.1.3MP1

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.