CVE-2019-12756 - Incorrect Authorization

Severity

23%

Complexity

8%

Confidentiality

23%

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.

CVSS 3.1 Base Score 2.3. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N).

Demo Examples

Incorrect Authorization

CWE-863

The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user's authorization using a value stored in a cookie.


               
}
}
setcookie("role", $role, time()+60*60*2);
die("\n");
DisplayMedicalHistory($_POST['patient_ID']);
die("You are not Authorized to view this record\n");

The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the "role" cookie to the value "Reader". As a result, the $role variable is "Reader", and getRole() is never invoked. The attacker has bypassed the authorization system.

Overview

Type

Symantec Endpoint Protection

First reported 5 years ago

2019-11-15 17:15:00

Last updated 5 years ago

2019-11-22 14:27:00

Affected Software

Symantec Endpoint Protection 11.0

11.0

Symantec Endpoint Protection 11.0 MR4-MP1A

11.0

Symantec Endpoint Protection Version 11.0 RU5

11.0

Symantec Endpoint Protection Version 11.0 RU6

11.0

Symantec Endpoint Protection Version 11.0 RU6a

11.0

Symantec Endpoint Protection 11.0 RU7-MP3

11.0

Symantec Endpoint Protection 12.1 RU1-P1

12.1

Symantec Endpoint Protection 12.1 RU6-MP9

12.1

Symantec Endpoint Protection 14.0.0 -

14.0.0

Symantec Endpoint Protection 14.0.0 MP1

14.0.0

Symantec Endpoint Protection 14.0.1 -

14.0.1

Symantec Endpoint Protection 14.2 -

14.2

Symantec Endpoint Protection 14.2 RU1

14.2

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.