PT-2023-1434 · Symantec · Symantec Endpoint Protection

Moon Chan Hyuk

Published

2023-01-20

Updated

2025-04-03

CVE-2022-25631

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 14.3 RU6 (14.3.9210.6000)

Description The issue is related to insufficient access control in Symantec Endpoint Protection, which may allow an attacker to elevate their privileges. This could enable an attacker to compromise the software application and gain elevated access.

Recommendations For Symantec Endpoint Protection versions prior to 14.3 RU6 (14.3.9210.6000), update to version 14.3 RU6 (14.3.9210.6000) or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2023-00841

CVE-2022-25631

Affected Products

Symantec Endpoint Protection

PT-2023-1434 · Symantec · Symantec Endpoint Protection

CVE-2022-25631

Weakness Enumeration

Related Identifiers

Affected Products

References · 6