Password Protection Bypass in Symantec Endpoint Protection by Symantec
CVE-2019-12756

2.3LOW

Key Information:

Vendor

Symantec
Status
Symantec Endpoint Protection (sep)
Vendor
CVE Published:
15 November 2019

What is CVE-2019-12756?

Symantec Endpoint Protection (SEP) versions prior to 14.2 RU2 are exposed to a password protection bypass vulnerability. This security flaw enables individuals with local administrator privileges to circumvent the secondary layer of password protection, potentially allowing unauthorized access to protected features and sensitive configurations.

Affected Version(s)

Symantec Endpoint Protection (SEP) prior to 14.2 RU2

References

https://support.symantec.com/us/en/article.SYMSA1488.html
x_refsource_MISC

CVSS V3.1

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2019-12756 : Password Protection Bypass in Symantec Endpoint Protection by Symantec