CVE-2016-5311

EPSS 0.29%
Published 09.01.2020 20:15:11
Last modified 21.11.2024 02:54:04
Source secure@symantec.com
Teams watchlist Login
Open Login

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Endpoint Protection Version < 22.8.0.50

Symantec ≫ Endpoint Protection Cloud Version < 22.8.0.50

Symantec ≫ Norton 360 Version < 22.7

Symantec ≫ Norton Antivirus Version < 22.7

Symantec ≫ Norton Antivirus With Backup Version < 22.7

Symantec ≫ Norton Family Version < 22.7

Symantec ≫ Norton Internet Security Version < 22.7

Symantec ≫ Norton Security Version < 22.7

Symantec ≫ Norton Security With Backup Version < 22.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.493

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://www.securityfocus.com/bid/94295

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037323

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037324

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037325

Third Party Advisory

VDB Entry