CVE-2019-9695 - OpenCVE

Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Norton Core Firmware Norton Core

Configuration 1 [-]

AND

cpe:2.3:o:symantec:norton_core_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:symantec:norton_core:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/107478	Third Party Advisory VDB Entry
https://support.symantec.com/en_US/article.SYMSA1476.html	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2019-03-29T13:32:42

Updated: 2019-03-29T13:33:20

Reserved: 2019-03-11T00:00:00

Link: CVE-2019-9695

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-29T14:29:00.843

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-9695

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Norton Core", "vendor": "Norton", "versions": [{"status": "affected", "version": "Prior to v278"}]}], "datePublic": "2019-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-29T13:33:20", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}, {"name": "107478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107478"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2019-9695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Core", "version": {"version_data": [{"version_value": "Prior to v278"}]}}]}, "vendor_name": "Norton"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/en_US/article.SYMSA1476.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}, {"name": "107478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107478"}]}}}}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2019-9695", "datePublished": "2019-03-29T13:32:42", "dateReserved": "2019-03-11T00:00:00", "dateUpdated": "2019-03-29T13:33:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:symantec:norton_core_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAD5FF93-617A-4299-96C8-E228563EBEAF", "versionEndExcluding": "278", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:symantec:norton_core:-:*:*:*:*:*:*:*", "matchCriteriaId": "2466F7FB-4469-402E-A362-25E358BBF6B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}, {"lang": "es", "value": "Norton Core, en versiones anteriores a la v278, puede ser susceptible a un fallo de ejecuci\u00f3n de c\u00f3digo arbitrario, un tipo de vulnerabilidad que tiene el potencial de permitir a un individuo ejecutar comandos o c\u00f3digo arbitrarios en una m\u00e1quina o proceso objetivos. N\u00f3tese que este exploit solo es posible con un acceso f\u00edsico directo al dispositivo."}], "id": "CVE-2019-9695", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-29T14:29:00.843", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107478"}, {"source": "secure@symantec.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}