Vulnerability CVE-2018-12239


Published: 2018-11-29

Description:
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.

Type:

CWE-254

(Security Features)

Vendor: Symantec
Product: Norton antivirus 
Version:
9.0.6.1000
9.0.5.1100
9.0.5
9.0.4
9.0.3.1000
9.0.3
9.0.2.1000
9.0.2
9.0.1.1000
9.0.1.1.1000
9.0.1
9.0.0.338
9.0.0
9.0
8.1.1.377
8.1.1.366
8.1.1.329
8.1.1.323
8.1.1.319
8.1.1
8.1.0.825a
8.1
8.01.471
8.01.464
8.01.460
8.01.457
8.01.446
8.01.437
8.01.434
8.0.1.501
8.0.1
5.0
2.5
2.1
2.0
10.1
10.0.2.2021
10.0.2.2020
10.0.2.2011
10.0.2.2010
10.0.2.2002
10.0.2.2001
10.0.2.2000
10.0.1.1008
10.0.1.1007
10.0.1.1000
10.0.1
10.0.0.359
10.0.0
10.0
1.0
Product: Endpoint protection 
Version:
12.1.671
12.1.6
12.1.4
12.1.3
12.1.2.1
12.1.2
12.1.1000
12.1.1.1
12.1.1
12.1
12.0
11.0.7100
11.0.7000
11.0.7.3
11.0.7.2
11.0.7.1
11.0.7
11.0.6300
11.0.6200.754
11.0.6200
11.0.6100
11.0.6000
11.0.4
11.0.3001
11.0.2
11.0.1
11.0

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/105918
https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html

Related CVE
CVE-2019-12755
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have ac...
CVE-2019-9697
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwis...
CVE-2019-12754
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other use...
CVE-2019-12753
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not ...
CVE-2018-18371
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext au...
CVE-2018-18370
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject m...
CVE-2019-12750
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue wh...
CVE-2019-12751
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are nor...

Copyright 2019, cxsecurity.com

 

Back to Top