CVE-2019-9695 - OpenCVE

Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Norton Core Norton Core Firmware

Configuration 1 [-]

AND

cpe:2.3:o:symantec:norton_core_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:symantec:norton_core:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107478
https://support.symantec.com/en_US/article.SYMSA1476.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2019-03-29T13:32:42

Updated: 2024-08-04T21:54:45.143Z

Reserved: 2019-03-11T00:00:00

Link: CVE-2019-9695

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-29T14:29:00.843

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-9695

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Norton Core", "vendor": "Norton", "versions": [{"status": "affected", "version": "Prior to v278"}]}], "datePublic": "2019-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-29T13:33:20", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}, {"name": "107478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107478"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2019-9695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Core", "version": {"version_data": [{"version_value": "Prior to v278"}]}}]}, "vendor_name": "Norton"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/en_US/article.SYMSA1476.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}, {"name": "107478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107478"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:45.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}, {"name": "107478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107478"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2019-9695", "datePublished": "2019-03-29T13:32:42", "dateReserved": "2019-03-11T00:00:00", "dateUpdated": "2024-08-04T21:54:45.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:symantec:norton_core_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAD5FF93-617A-4299-96C8-E228563EBEAF", "versionEndExcluding": "278", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:symantec:norton_core:-:*:*:*:*:*:*:*", "matchCriteriaId": "2466F7FB-4469-402E-A362-25E358BBF6B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device."}, {"lang": "es", "value": "Norton Core, en versiones anteriores a la v278, puede ser susceptible a un fallo de ejecuci\u00f3n de c\u00f3digo arbitrario, un tipo de vulnerabilidad que tiene el potencial de permitir a un individuo ejecutar comandos o c\u00f3digo arbitrarios en una m\u00e1quina o proceso objetivos. N\u00f3tese que este exploit solo es posible con un acceso f\u00edsico directo al dispositivo."}], "id": "CVE-2019-9695", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-29T14:29:00.843", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107478"}, {"source": "secure@symantec.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1476.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}