Race Condition Vulnerability in Symantec Endpoint Protection Manager
CVE-2020-5835

7HIGH

Key Information:

Vendor: Symantec
Status: Symantec Endpoint Protection Manager
Vendor: CVE Published:; 11 May 2020

Summary

A race condition exists in the client remote deployment feature of Symantec Endpoint Protection Manager, which allows unauthorized users to execute arbitrary code with elevated privileges on affected remote systems. This vulnerability may be exploited by an attacker to gain increased access rights, potentially compromising sensitive data and operations within the managed environment.

Affected Version(s)

Symantec Endpoint Protection Manager Prior to 14.3

References

https://support.broadcom.com/security-advisory/security-a...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2020
Vulnerability Reserved
Jan 6, 2020