Vulnerability Name:

CVE-2018-12238 (CCN-153608)

Assigned:2018-11-28
Published:2018-11-28
Updated:2019-10-03
Summary:Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2018-12238

Source: BID
Type: Third Party Advisory, VDB Entry
105917

Source: XF
Type: UNKNOWN
symantec-cve201812238-sec-bypass(153608)

Source: CCN
Type: Symantec Security Advisory ID: SA1468
Norton and SEP Multiple Issues

Source: CONFIRM
Type: Mitigation, Vendor Advisory
https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:endpoint_protection:*:*:*:*:*:*:*:* (Version >= 11.0 and < 12.1.7454.7000)
  • OR cpe:/a:symantec:endpoint_protection:*:*:*:*:*:*:*:* (Version >= 14.0 and <= 14.2)
  • OR cpe:/a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:* (Version < 22.15.1)
  • OR cpe:/a:symantec:norton_antivirus:*:*:*:*:*:*:*:* (Version < 22.15)

    • Configuration CCN 1:
  • cpe:/a:symantec:endpoint_protection:12.1.671:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:14:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec endpoint protection *
    symantec endpoint protection *
    symantec endpoint protection cloud *
    symantec norton antivirus *
    symantec endpoint protection 12.1.671
    symantec endpoint protection 14