CVE-2017-15528

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.

Ссылки

http://www.securityfocus.com/bid/101796
Third Party Advisory
VDB Entry
https://www.info-sec.ca/advisories/Norton-Security.html
Third Party Advisory
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00
Vendor Advisory
http://www.securityfocus.com/bid/101796
Third Party Advisory
VDB Entry
https://www.info-sec.ca/advisories/Norton-Security.html
Third Party Advisory
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:norton:install_norton_security:*:*:*:*:*:macos:*:*

Версия до 7.6 (исключая)

EPSS

Процентиль: 46%

0.0023

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-8hwr-q4pc-v98v