Password Protection Bypass in Symantec Endpoint Protection by Symantec
CVE-2019-12756

2.3LOW

Key Information:

Vendor: Symantec
Status: Symantec Endpoint Protection (sep)
Vendor: CVE Published:; 15 November 2019

What is CVE-2019-12756?

Symantec Endpoint Protection (SEP) versions prior to 14.2 RU2 are exposed to a password protection bypass vulnerability. This security flaw enables individuals with local administrator privileges to circumvent the secondary layer of password protection, potentially allowing unauthorized access to protected features and sensitive configurations.

Affected Version(s)

Symantec Endpoint Protection (SEP) prior to 14.2 RU2

References

https://support.symantec.com/us/en/article.SYMSA1488.html

x_refsource_MISC

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2019
Vulnerability Reserved
Jun 6, 2019