Symantec Endpoint Protection Privilege Escalation

Endpoint Protection

1487

04 March 2020

31 July 2019

CLOSED

HIGH

7.8

SUMMARY

Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) products.

AFFECTED PRODUCTS

Symantec Endpoint Protection (SEP)

CVE: CVE-2019-12750

Affected Version(s): Prior to 14.2 RU1 (14.2.3332.1000), prior to and including 12.1 RU6 MP10

Remediation: Upgrade to 14.2 RU1 (14.2.3332.1000) or later.

Symantec Endpoint Protection Small Business Edition (SEP SBE)

CVE: CVE-2019-12750

Affected Version(s): Prior to 12.1 RU6 MP10c (12.1.7491.7002)

Remediation: Upgrade to 12.1 RU6 MP10c (12.1.7491.7002)

ISSUES

CVE-2019-12750

Severity/CVSSv3: High / 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References: Security Focus: BID 109107 / NVD: CVE-2019-12750

Impact: Privilege Escalation

Description: Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

MITIGATION

The mentioned issue was validated by the product team engineers. A Symantec Endpoint Protection update, version 14.2 RU1, and Symantec Endpoint Protection Small Business Edition update, version 12.1 RU6 MP10c (12.1.7491.7002), have been released which address the aforementioned issue. The latest releases and patches for Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.

In addition, a refresh of 14.2 MP1 (14.2.1057.0103) was released on August 21st, 2019 to address this issue. This is available upon request from Symantec Technical Support.

Note: Customers who are not currently using Application and Device Control can use the instructions in the following technote to mitigate the issue in the interim.

https://symantec.com/docs/TECH255484
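The fixed builds listed above can be turned into a fleet triage check. This is an added example, not Symantec code: it classifies installs from an inventory export and shows why a plain "older than 14.2 RU1" comparison would wrongly flag the refreshed 14.2 MP1 build. The CSV layout, the SEP/SBE product labels and the hostnames are assumptions, and every SEP build below 14.2 RU1 other than the exact refresh build (all of 12.1 included) is conservatively treated as affected.

```python
import csv
import io

# Build numbers stated in the advisory.
SEP_FIXED = (14, 2, 3332, 1000)    # SEP 14.2 RU1
SEP_REFRESH = (14, 2, 1057, 103)   # refreshed SEP 14.2 MP1 (14.2.1057.0103)
SBE_FIXED = (12, 1, 7491, 7002)    # SEP SBE 12.1 RU6 MP10c

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(product, version_text):
    """Classify one install as 'fixed', 'affected' or 'unknown'."""
    version = parse_version(version_text)
    product = product.strip().upper()
    if version is None or product not in ("SEP", "SBE"):
        return "unknown"  # never guess on unparseable inventory data
    if product == "SBE":
        return "fixed" if version >= SBE_FIXED else "affected"
    # Assumption: below 14.2 RU1 only the exact refresh build counts as fixed;
    # every other SEP build, including all of 12.1, is treated as affected.
    if version >= SEP_FIXED or version == SEP_REFRESH:
        return "fixed"
    return "affected"

# Constructed sample inventory: hostnames, column names and the two
# non-advisory build numbers (14.0.1000.0001, 12.1.7000.0001) are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,SEP,14.2.3332.1000
ws-002,SEP,14.2.1057.0103
ws-003,SEP,14.0.1000.0001
ws-004,SBE,12.1.7491.7002
ws-005,SBE,12.1.7000.0001
ws-006,SEP,14.2 RU1
"""

def triage_inventory(csv_text):
    """Map each host in a host,product,version CSV to its triage status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check of the installed build rather than being counted as patched.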

 

Symantec recommends the following measures to reduce risk of attack:

  • Restrict access to administrative or management systems to authorized privileged users.
  • Restrict remote access to trusted/authorized systems only.
  • Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
  • Keep all operating systems and applications current with vendor patches.
  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.

ACKNOWLEDGEMENTS

  • CVE-2019-12750: Kyriakos Economou (@kyREcon) of Nettitude: https://www.nettitude.com/