Friday, June 28, 2019

Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability



Symantec Endpoint Encryption is prone to an unspecified local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges.

Versions prior to Symantec Endpoint Encryption 11.3.0 are vulnerable.
exploit



Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
solution



Solution:
Updates are available. Please see the references or vendor advisory for more information.

info



Bugtraq ID: 108796
Class: Design Error
CVE: CVE-2019-9703
Remote: No
Local: Yes
Published: Jun 28 2019 12:00AM
Updated: Jun 28 2019 12:00AM
Credit: Kyriakos Economou (@kyREcon) of Nettitude.
Vulnerable: Symantec Endpoint Encryption 11.2
Symantec Endpoint Encryption 11.1.3
Symantec Endpoint Encryption 11.1.2
Symantec Endpoint Encryption 11.1.1
Symantec Endpoint Encryption 11.1
Symantec Endpoint Encryption 11.2.1 MP1
Symantec Endpoint Encryption 11.1.3 MP1
Symantec Endpoint Encryption 11.1.3 HF3
Symantec Endpoint Encryption 11.1.3 HF2
Symantec Endpoint Encryption 11.0
Symantec Encryption Desktop 10.4.1 MP1
Symantec Encryption Desktop 10.3
Symantec Encryption Desktop 10.4.1 MP2HF1
Symantec Encryption Desktop 10.4.1 MP2
Symantec Encryption Desktop 10.3.2 MP3
Symantec Encryption Desktop 10.3.2
Symantec Encryption Desktop 10.3.1
Symantec Encryption Desktop 10.3.0 MP3
Symantec Encryption Desktop 10.3.0 MP2
Not Vulnerable: Symantec Endpoint Encryption 11.3.0
references



References:


from SecurityFocus Vulnerabilities https://ift.tt/2JcjnCI

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.