Symantec Endpoint Protection up to 12.1.5 Library privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Symantec Endpoint Protection up to 12.1.5. Affected by this issue is some unknown functionality of the component Library Handler. The manipulation leads to privileges management. This vulnerability is traded as CVE-2014-9227. There is no exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, has been found in Symantec Endpoint Protection up to 12.1.5 (Anti-Malware Software). This issue affects an unknown code of the component Library Handler. The manipulation with an unknown input leads to a privileges management vulnerability. Using CWE to declare the problem leads to CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.
The weakness was shared 06/17/2015 by Mike Czumak as SYM15-005 as confirmed advisory (Website). The advisory is shared at symantec.com. The identification of this vulnerability is CVE-2014-9227 since 12/03/2014. An attack has to be approached locally. A simple authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 84368 (Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123663 (Symantec Endpoint Protection Manager and Client Multiple Vulnerabilities (SYM15-005)).
Upgrading to version 12.1.6 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (103936), Tenable (84368), SecurityFocus (BID 75202†), SecurityTracker (ID 1032616†) and Vulnerability Center (SBV-52830†). The entries VDB-75990 and VDB-75991 are related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.6
VulDB Base Score: 5.3
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 84368
Nessus Name: Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 801798
OpenVAS Name: Symantec Endpoint Protection Multiple Vulnerabilities Oct15
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Endpoint Protection 12.1.6
Timeline
12/03/2014 🔍06/17/2015 🔍
06/17/2015 🔍
06/17/2015 🔍
06/17/2015 🔍
06/18/2015 🔍
06/18/2015 🔍
06/24/2015 🔍
09/20/2015 🔍
09/21/2015 🔍
05/21/2022 🔍
Sources
Vendor: symantec.comAdvisory: SYM15-005
Researcher: Mike Czumak
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-9227 (🔍)
GCVE (CVE): GCVE-0-2014-9227
GCVE (VulDB): GCVE-100-75989
X-Force: 103936 - Symantec Endpoint Protection Manager privilege escalation
SecurityFocus: 75202 - Symantec Endpoint Protection Manager and Client CVE-2014-9228 Local Denial of Service Vulnerability
SecurityTracker: 1032616 - Symantec Endpoint Protection Lets Remote Authenticated Users Inject SQL Commands and Local Users Deny Service and Gain Elevated Privileges
Vulnerability Center: 52830 - Symantec Endpoint Protection before 12.1.6 Local Privilege Escalation via a Trojan Horse DLL, Medium
See also: 🔍
Entry
Created: 06/18/2015 18:26Updated: 05/21/2022 10:33
Changes: 06/18/2015 18:26 (48), 01/02/2018 09:57 (35), 05/21/2022 10:33 (3)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.