CVE-2018-18369

Опубликовано: 25 апр. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Ссылки

http://www.securityfocus.com/bid/107997
Third Party Advisory
VDB Entry
https://support.symantec.com/en_US/article.SYMSA1479.html
Vendor Advisory
http://www.securityfocus.com/bid/107997
Third Party Advisory
VDB Entry
https://support.symantec.com/en_US/article.SYMSA1479.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22:*:*:*:small_business:*:*:*

cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002:*:*:*:small_business:*:*:*

cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*

Версия до 22.16.3 (исключая)

cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*:*:*:*:small_business:*:*:*

Версия до 3.00.31.2817 (исключая)

cpe:2.3:a:symantec:norton_security:*:*:*:*:*:windows:*:*

Версия до 22.16.3 (исключая)

EPSS

Процентиль: 60%

0.00397

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-cqr9-3mc7-gvpr