4.3
CVE-2017-15528
- EPSS 0.61%
- Veröffentlicht 22.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle secure@symantec.com
- CVE-Watchlists
- Unerledigt
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Norton ≫ Install Norton Security SwPlatformmacos Version < 7.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.447 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
http://www.securityfocus.com/bid/101796
https://www.info-sec.ca/advisories/Norton-Security.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00