Arbitrary File Write Vulnerability in Symantec Endpoint Protection Products
CVE-2020-5825

5.5MEDIUM

Key Information:

Vendor: Symantec
Status: Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe)
Vendor: CVE Published:; 11 February 2020

Summary

Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition are impacted by an arbitrary file write vulnerability. This issue allows an attacker to overwrite files on the affected systems without the necessary permissions, potentially leading to unauthorized modifications and security breaches. It is crucial for users to update to the latest versions to mitigate this risk. More information can be found on Symantec's support page.

Affected Version(s)

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively

References

https://support.symantec.com/us/en/article.SYMSA1505.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Jan 6, 2020