what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Symantec Endpoint Protection Information Disclosure / Privilege Escalation

Symantec Endpoint Protection Information Disclosure / Privilege Escalation
Posted Dec 6, 2019
Authored by Kyriakos Economou | Site labs.nettitude.com

A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.

tags | advisory, info disclosure
advisories | CVE-2019-12750
SHA-256 | ba684560b58492719e146b7962feca0b68d0d97a728a6b906962fa4a1fc92df6

Symantec Endpoint Protection Information Disclosure / Privilege Escalation

Change Mirror Download
Advisory
A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host.

Products Affected
Symantec Endpoint Protection v14.x < v14.2 (RU1)
Symantec Endpoint Protection v12.x < 12.1 (RU6 MP10)
Symantec Endpoint Protection Small Business Edition v12.x < 12.1 (RU6 MP10c)

https://support.symantec.com/us/en/article.SYMSA1487.html
https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/

Timeline
Date of discovery: April 2019
Vendor informed: 18 April 2019
Vendor Acknowledged: 19 April 2019
Vendor Requested Extra Time: 19 April 2019
Advisory [1]: 31 July 2019
Nettitude blog [2]: 5 December 2019

References

1. https://support.symantec.com/us/en/article.SYMSA1487.html

2. https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/

Kyriakos Economou
Senior Vulnerability Researcher


T: 0345 520 0085

E: keconomou@nettitude.com


UK: 1 Jephson Court, Tancred Cl, Leamington Spa, CV31 3RZ

[cid:image002.png@01D5AC18.B5AAA630]



[Facebook icon] <https://en-gb.facebook.com/Nettitude/> [LinkedIn icon] <https://www.linkedin.com/company/nettitude-group> [Twitter icon] <https://twitter.com/Nettitude_group> [Youtbue icon] <https://www.youtube.com/channel/UCRUUESU5OTfRte0P-pm2MZQ>
















___________________________________________________________________________________
Lloyd’s Register and variants of it are trading names of Lloyd’s Register Group Limited, its subsidiaries and affiliates.
Nettitude Limited, registered in England, registered number 4705154
Registered office: 1 Jephson Court, Tancred Close, Leamington Spa, Warwickshire, CV31 3RZ. A member of the Lloyd’s Register group.

Lloyd’s Register Group Limited, its affiliates and subsidiaries and their respective officers, employees or agents are individually and collectively, referred to in this clause as ‘Lloyd’s Register’. Lloyd’s Register assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant Lloyd’s Register entity for the provision of this information or advice and in that case any responsibility or liability is exclusively on the terms and conditions set out in that contract.
___________________________________________________________________________________
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close