CVE-2020-5821 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Severity

78%

Complexity

18%

Confidentiality

98%

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Symantec Endpoint Protection

First reported 5 years ago

2020-02-11 18:15:00

Last updated 5 years ago

2020-02-14 18:41:00

Affected Software

Symantec Endpoint Protection 11.0

11.0

Symantec Endpoint Protection 11.0 MR4-MP1A

11.0

Symantec Endpoint Protection Version 11.0 RU5

11.0

Symantec Endpoint Protection Version 11.0 RU6

11.0

Symantec Endpoint Protection Version 11.0 RU6a

11.0

Symantec Endpoint Protection 11.0 RU7-MP3

11.0

Symantec Endpoint Protection 12.1 RU1-P1

12.1

Symantec Endpoint Protection 12.1 RU6-MP9

12.1

Symantec Endpoint Protection 14.0.0 -

14.0.0

Symantec Endpoint Protection 14.0.0 MP1

14.0.0

Symantec Endpoint Protection 14.0.1 -

14.0.1

Symantec Endpoint Protection 14.2 -

14.2

Symantec Endpoint Protection 14.2 RU1

14.2

Symantec Endpoint Protection 14.2 RU1 MP1

14.2

Symantec Endpoint Protection 14.2 Ru2

14.2

Symantec Endpoint Protection 12.0 RTM Small Business Edition

12.0

Symantec Endpoint Protection 12.0 RU1 Small Business Edition

12.0

Symantec Endpoint Protection 12.1 - Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU1 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU1-MP1 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU2 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU2-MP1 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU3 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU4 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU4-MP1 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU4-MP1A Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU4-MP1B Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU4A Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU5 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP1 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP10 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP2 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP3 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP4 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP5 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP6 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP7 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP8 Small Business Edition

12.1

Symantec Endpoint Protection 12.1 RU6 MP9 Small Business Edition

12.1

References

https://support.symantec.com/us/en/article.SYMSA1505.html

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.