PT-2022-5708 · Symantec · Symantec Endpoint Protection

Published: 2022-01-12 · Updated: 2025-04-24 · CVE-2022-37017

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Symantec Endpoint Protection (Windows) versions prior to 14.3 RU6/14.3 RU5 Patch 1

Description

The issue is a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. It specifically applies to the Client User Interface Password protection and the Policy Import/Export Password protection, if they have been enabled.

Recommendations

For versions prior to 14.3 RU6, update to 14.3 RU6 or later to resolve the issue. For versions prior to 14.3 RU5 Patch 1, apply Patch 1 or later to resolve the issue. As a temporary workaround, consider disabling the Client User Interface Password protection and Policy Import/Export Password protection until a patch is available.

Related Identifiers

BDU:2022-07105
CVE-2022-37017

Affected Products

Symantec Endpoint Protection