CVE-2017-6331 - OpenCVE

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Endpoint Protection

Configuration 1 [-]

cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101502	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039775	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43134/	Exploit Issue Tracking Third Party Advisory VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2017-11-06T00:00:00

Updated: 2017-11-17T10:57:01

Reserved: 2017-02-26T00:00:00

Link: CVE-2017-6331

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-06T23:29:00.330

Modified: 2020-09-16T13:15:23.520

Link: CVE-2017-6331

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Symantec Endpoint Protection", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to SEP 14 RU1"}]}], "datePublic": "2017-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients."}], "problemTypes": [{"descriptions": [{"description": "Tamper-protection bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "43134", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43134/"}, {"name": "101502", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101502"}, {"name": "1039775", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039775"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-6331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Symantec Endpoint Protection", "version": {"version_data": [{"version_value": "Prior to SEP 14 RU1"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Tamper-protection bypass"}]}]}, "references": {"reference_data": [{"name": "43134", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43134/"}, {"name": "101502", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101502"}, {"name": "1039775", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039775"}, {"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00", "refsource": "CONFIRM", "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00"}]}}}}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2017-6331", "datePublished": "2017-11-06T00:00:00", "dateReserved": "2017-02-26T00:00:00", "dateUpdated": "2017-11-17T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE67053-C23D-4C83-943C-9A15C5A1A1C4", "versionEndExcluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients."}, {"lang": "es", "value": "En versiones anteriores a SEP 14 RU1, el producto Symantec Endpoint Protection puede encontrarse con un problema de omisi\u00f3n de protecci\u00f3n contra manipulaciones, que es un tipo de ataque que omite la protecci\u00f3n en tiempo real para la aplicaci\u00f3n que se ejecuta en servidores y clientes."}], "id": "CVE-2017-6331", "lastModified": "2020-09-16T13:15:23.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-06T23:29:00.330", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101502"}, {"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039775"}, {"source": "secure@symantec.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43134/"}, {"source": "secure@symantec.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}