Certificate Spoofing Vulnerability in Norton Security by Symantec
CVE-2017-15528

3.7LOW

Key Information:

Vendor

Norton

Status
Install Norton Security
Vendor
CVE Published:
22 November 2017

What is CVE-2017-15528?

Norton Security prior to version 7.6 is vulnerable to a certificate spoofing attack. This occurs when an attacker obtains a fraudulent certificate that links their public key to the target's domain, potentially allowing them to intercept or manipulate communications. Users of affected versions may be exposed to significant security risks, including data breaches and unauthorized access. It is essential for users to upgrade to the latest version to mitigate this vulnerability and enhance their cybersecurity posture.

References

http://www.securityfocus.com/bid/101796
vdb-entryx_refsource_BID
https://www.info-sec.ca/advisories/Norton-Security.html
x_refsource_MISC
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.