Privilege Escalation in Symantec Endpoint Detection and Response by Broadcom
CVE-2022-37015

9.8CRITICAL

Key Information:

Vendor: Symantec
Status: Symantec Endpoint Detection And Response
Vendor: CVE Published:; 8 November 2022

What is CVE-2022-37015?

The Symantec Endpoint Detection and Response (SEDR) Appliance prior to version 4.7.0 contains a vulnerability that allows attackers to exploit the system and gain elevated access to protected resources. By potentially compromising the software application, an attacker may manipulate sensitive functions and information, heightening the risk of unauthorized operations and data breaches within the enterprise environment.

Affected Version(s)

Symantec Endpoint Detection and Response 4.6.x

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Jul 28, 2022