Race Condition Vulnerability in Symantec Endpoint Protection Software
CVE-2018-5236

5.3MEDIUM

Key Information:

Vendor

Symantec Corporation

Status
Symantec Endpoint Protection
Vendor
CVE Published:
20 June 2018

What is CVE-2018-5236?

A race condition vulnerability exists in Symantec Endpoint Protection that may allow an attacker to exploit the timing of events within the software process. This flaw occurs when the output of a process is influenced by the sequence or timing of uncontrollable events, potentially leading to unexpected behavior or security breaches.

Affected Version(s)

Symantec Endpoint Protection Prior to 14 RU1 MP1 or 12.1 RU6 MP10

References

http://www.securityfocus.com/bid/104198
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041180
vdb-entryx_refsource_SECTRACK
https://support.symantec.com/en_US/article.SYMSA1454.html
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.