7.8
CVE-2016-6590
- EPSS 0.06%
- Veröffentlicht 08.01.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 02:56:23
- Quelle secure@symantec.com
- Teams Watchlist Login
- Unerledigt Login
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Encryption Desktop Version >= 10.0.0 < 10.4.1
Symantec ≫ Endpoint Encryption Version >= 7.0 < 7.6
Symantec ≫ Endpoint Encryption Version7.6
Symantec ≫ Ghost Solution Suite Version3.1 Update-
Symantec ≫ Ghost Solution Suite Version3.1 Updatemaintenance_pack1
Symantec ≫ Ghost Solution Suite Version3.1 Updatemaintenance_pack2
Symantec ≫ Ghost Solution Suite Version3.1 Updatemaintenance_pack3
Symantec ≫ It Management Suite Version7.6
Symantec ≫ It Management Suite Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.