A vulnerability was found in Symantec Management Agent up to 7.6 HF6/8.0 HF5/8.1 RU6. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Inventory Plugin. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

The bug was discovered 07/16/2018. The weakness was released 07/25/2018 (Website). It is possible to read the advisory at support.symantec.com. This vulnerability is known as CVE-2018-5240 since 01/04/2018. The exploitation appears to be easy. Access to the local network is required for this attack to succeed. Required for exploitation is a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 9 days. During that time the estimated underground price was around $5k-$25k.

Applying the patch 7.6 HF7/8.0 HF6/8.1 RU7 is able to eliminate this problem.

Productinfo

Vendor

• Symantec

Name

• Management Agent

Version

• 7.6 HF6
• 8.0 HF5
• 8.1 RU6

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion