[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Symantec Endoint Security LPE CVE-2019-12750
From: Kyriakos Economou <keconomou () nettitude ! com>
Date: 2019-12-06 9:37:03
Message-ID: fcfa5fb87f954bffa6c5c22880d6947d () nettitude ! com
[Download RAW message or body]
[Attachment #2 (unknown)]
Advisory
A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection \
to leak privileged information and/or execute code with higher privileges, thus taking full \
control over the affected host.
Products Affected
Symantec Endpoint Protection v14.x < v14.2 (RU1)
Symantec Endpoint Protection v12.x < 12.1 (RU6 MP10)
Symantec Endpoint Protection Small Business Edition v12.x < 12.1 (RU6 MP10c)
https://support.symantec.com/us/en/article.SYMSA1487.html
https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/
Timeline
Date of discovery: April 2019
Vendor informed: 18 April 2019
Vendor Acknowledged: 19 April 2019
Vendor Requested Extra Time: 19 April 2019
Advisory [1]: 31 July 2019
Nettitude blog [2]: 5 December 2019
References
1. https://support.symantec.com/us/en/article.SYMSA1487.html
2. https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/
Kyriakos Economou
Senior Vulnerability Researcher
T: 0345 520 0085
E: keconomou@nettitude.com
UK: 1 Jephson Court, Tancred Cl, Leamington Spa, CV31 3RZ
[cid:image002.png@01D5AC18.B5AAA630]
[Facebook icon] \
<https://en-gb.facebook.com/Nettitude/> [LinkedIn icon] \
<https://www.linkedin.com/company/nettitude-group> [Twitter icon] \
<https://twitter.com/Nettitude_group> [Youtbue icon] \
<https://www.youtube.com/channel/UCRUUESU5OTfRte0P-pm2MZQ>
___________________________________________________________________________________
Lloyd's Register and variants of it are trading names of Lloyd's Register Group Limited, its \
subsidiaries and affiliates. Nettitude Limited, registered in England, registered number \
4705154 Registered office: 1 Jephson Court, Tancred Close, Leamington Spa, Warwickshire, CV31 \
3RZ. A member of the Lloyd's Register group.
Lloyd's Register Group Limited, its affiliates and subsidiaries and their respective officers, \
employees or agents are individually and collectively, referred to in this clause as ‘Lloyd's \
Register'. Lloyd's Register assumes no responsibility and shall not be liable to any person for \
any loss, damage or expense caused by reliance on the information or advice in this document or \
howsoever provided, unless that person has signed a contract with the relevant Lloyd's Register \
entity for the provision of this information or advice and in that case any responsibility or \
liability is exclusively on the terms and conditions set out in that contract. \
___________________________________________________________________________________
["image001.png" (image/png)]
["image003.png" (image/png)]
["image004.png" (image/png)]
["image005.png" (image/png)]
["image006.png" (image/png)]
["image002.png" (image/png)]
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
--===============0640389517430580738==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic