Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Primary | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| CWE ID | Type | Source |
|---|---|---|
| CWE-908 | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.securityfocus.com/bid/107994 | secure@symantec.com | Third Party Advisory VDB Entry |
| https://support.symantec.com/en_US/article.SYMSA1479.html | secure@symantec.com | Vendor Advisory |