Privilege Escalation Vulnerability in Symantec Endpoint Protection by Broadcom
CVE-2022-37016

9.8CRITICAL

Key Information:

Vendor: Broadcom
Status: Symantec Endpoint Protection
Vendor: CVE Published:; 1 December 2022

What is CVE-2022-37016?

The Symantec Endpoint Protection (Windows) agent is vulnerable to an exploit that allows attackers to gain elevated access to restricted resources. This vulnerability could enable unauthorized manipulation of the security application, thereby compromising system integrity. Protecting against this type of threat involves ensuring that the software is updated and regularly monitored for unusual activity.

Affected Version(s)

Symantec Endpoint Protection 14.3 RU5

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2022
Vulnerability Reserved
Jul 28, 2022