CVE-2016-6590

Опубликовано: 08 янв. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Ссылки

http://www.securityfocus.com/bid/94279
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037302
Third Party Advisory
VDB Entry
https://support.symantec.com/us/en/article.symsa1385.html
Vendor Advisory
http://www.securityfocus.com/bid/94279
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037302
Third Party Advisory
VDB Entry
https://support.symantec.com/us/en/article.symsa1385.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:encryption_desktop:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.4.1 (исключая)

cpe:2.3:a:symantec:endpoint_encryption:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.6 (исключая)

cpe:2.3:a:symantec:endpoint_encryption:7.6:*:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solution_suite:3.1:-:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack1:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack2:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack3:*:*:*:*:*:*

cpe:2.3:a:symantec:it_management_suite:7.6:*:*:*:*:*:*:*

cpe:2.3:a:symantec:it_management_suite:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-7j42-ggv7-2p5p

github

больше 3 лет назад