PT-2023-1434 · Symantec · Symantec Endpoint Protection

Moon Chan Hyuk

Publicado

2023-01-20

Atualizado

2025-04-03

CVE-2022-25631

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 14.3 RU6 (14.3.9210.6000)

Description The issue is related to insufficient access control in Symantec Endpoint Protection, which may allow an attacker to elevate their privileges. This could enable an attacker to compromise the software application and gain elevated access.

Recommendations For Symantec Endpoint Protection versions prior to 14.3 RU6 (14.3.9210.6000), update to version 14.3 RU6 (14.3.9210.6000) or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Correção

LPE

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2023-00841

CVE-2022-25631

Produtos afetados

Symantec Endpoint Protection

PT-2023-1434 · Symantec · Symantec Endpoint Protection

CVE-2022-25631

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6