CVE-2020-5827 - OpenCVE

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Endpoint Protection Manager

Configuration 1 [-]

OR	cpe:2.3:a:symantec:endpoint_protection_manager::::::::
	cpe:2.3:a:symantec:endpoint_protection_manager:14.2:-::::::
	cpe:2.3:a:symantec:endpoint_protection_manager:14.2:mp1::::::
	cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru1::::::
	cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru1-mp1::::::
	cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru2::::::

No data.

References

Link	Providers
https://support.symantec.com/us/en/article.SYMSA1505.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2020-02-11T17:09:19

Updated: 2024-08-04T08:39:25.864Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5827

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-11T18:15:17.137

Modified: 2020-02-13T21:33:56.833

Link: CVE-2020-5827

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Symantec Endpoint Protection Manager (SEPM)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Prior to 14.2 RU2 MP1"}]}], "descriptions": [{"lang": "en", "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."}], "problemTypes": [{"descriptions": [{"description": "Out of Bounds", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-11T17:09:19", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2020-5827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Symantec Endpoint Protection Manager (SEPM)", "version": {"version_data": [{"version_value": "Prior to 14.2 RU2 MP1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out of Bounds"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/us/en/article.SYMSA1505.html", "refsource": "MISC", "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.864Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2020-5827", "datePublished": "2020-02-11T17:09:19", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.864Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8F6DC2F-C45D-40DD-85F1-2F6203801D11", "versionEndExcluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:14.2:-:*:*:*:*:*:*", "matchCriteriaId": "B1C4C14C-66AF-407C-8724-7C16A839DE44", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:14.2:mp1:*:*:*:*:*:*", "matchCriteriaId": "15131034-0111-472A-91B4-14870AAB625E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru1:*:*:*:*:*:*", "matchCriteriaId": "C72A5FE1-0382-46BC-9E8F-B338443F89AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru1-mp1:*:*:*:*:*:*", "matchCriteriaId": "9FCFBFF5-7341-4CB8-85CD-CD9ECBA3E457", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:14.2:ru2:*:*:*:*:*:*", "matchCriteriaId": "807566A6-CF73-48DD-881B-13E2EF8FD077", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program."}, {"lang": "es", "value": "Symantec Endpoint Protection Manager (SEPM), versiones anteriores a 14.2 RU2 MP1, puede ser susceptible a una vulnerabilidad fuera de l\u00edmites, que es un tipo de problema que resulta en que una aplicaci\u00f3n existente lea la memoria fuera de los l\u00edmites de la memoria que ha sido asignada al programa."}], "id": "CVE-2020-5827", "lastModified": "2020-02-13T21:33:56.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-11T18:15:17.137", "references": [{"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://support.symantec.com/us/en/article.SYMSA1505.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}