CVE-2018-18366

EPSS 0.09%
Published 25.04.2019 20:29:02
Last modified 21.11.2024 03:55:48
Source secure@symantec.com
Teams watchlist Login
Open Login

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Endpoint Protection Version11.0 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatemr1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatemr2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatemr3 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatemr4 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatemr4-mp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru5 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru6 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru6-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru6-mp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru6-mp3 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru6a SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru7 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru7-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru7-mp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru7-mp4 SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updateru7-mp4a SwPlatformwindows

Symantec ≫ Endpoint Protection Version11.0 Updatery7-mp3 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru1-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru2-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru3 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru4 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru4-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru4-mp1a SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru4-mp1b SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru4a SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru5 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp10 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp3 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp4 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp5 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp6 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp7 SwPlatformwindows

Symantec ≫ Endpoint Protection Version12.1 Updateru6-mp8 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14 Updatemp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.0.0 Updatemp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.0.1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.0.1 Updatemp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.0.1 Updatemp2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.2 SwPlatformwindows

Symantec ≫ Endpoint Protection Version14.2 Updatemp1 SwPlatformwindows

Symantec ≫ Endpoint Protection Versionnis-22.15.2.22 SwEditionsmall_business

Symantec ≫ Endpoint Protection Versionsep-12.1.7484.7002 SwEditionsmall_business

Symantec ≫ Endpoint Protection Cloud Version < 22.16.3

Symantec ≫ Endpoint Protection Cloud Agent SwEditionsmall_business Version < 3.00.31.2817

Symantec ≫ Norton Security SwPlatformwindows Version < 22.16.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.219

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2	4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://support.symantec.com/en_US/article.SYMSA1479.html

Vendor Advisory

http://www.securityfocus.com/bid/107994

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-18366

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18366

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18366

EUVD