Privilege Escalation Vulnerability in Norton Identity Safe Software by Symantec
CVE-2018-12240

5.9MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Norton Identity Safe For Android
Vendor: CVE Published:; 29 August 2018

What is CVE-2018-12240?

Norton Identity Safe prior to version 5.3.0.976 has a privilege escalation vulnerability that arises from the use of a hard-coded initialization vector (IV). This flaw can allow unauthorized access to encrypted data, potentially enabling an attacker to recover sensitive information without possessing the required credentials, thus undermining user data security. Organizations utilizing affected versions are advised to upgrade to mitigate this risk.

Affected Version(s)

Norton Identity Safe for Android Prior to 5.3.0.976

References

http://www.securityfocus.com/bid/105146

vdb-entryx_refsource_BID

https://support.symantec.com/en_US/article.SYMSA1460.html

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2018
Vulnerability Reserved
Jun 12, 2018

Symantec Corporation

What is CVE-2018-12240?

Affected Version(s)

References

CVSS V3.1

Timeline