Vulnerability CVE-2017-15528
Published: 2017-11-22

Description:
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Norton Security For Mac Man-In-The-Middle
David Coomber
28.04.2018

Type:

CWE-295

 (Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/bid/101796
https://www.info-sec.ca/advisories/Norton-Security.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00
Copyright 2024, cxsecurity.com

 

Back to Top