Symantec Endpoint Protection Prior to 14.3: Improper Link Resolution Before File Access (‘Link Following’) Vulnerability

Summary

Symantec Endpoint Protection (Windows Endpoint), prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.

Credit:

The information has been provided by Ilias Dimopoulos.

The original article can be found at: https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762


Details

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
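
For hosts that cannot be upgraded immediately, the following added example (not from the Broadcom advisory or from Symantec) audits a log directory for the two conditions this bug class depends on: links already present in the tree, and write or delete rights held by non-administrative principals. The helper name Find-LogLinkRisk, the trusted-principal list and the demo paths are assumptions; the advisory does not name the affected log path, so pass the real directory yourself.

```powershell
# Added example. Find-LogLinkRisk is a hypothetical helper, not a Symantec tool.
function Find-LogLinkRisk {
    param([Parameter(Mandatory)][string]$LogDir)

    # Assumption: only these principals are expected to hold write access.
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
               'NT SERVICE\TrustedInstaller'
    # Rights that let a principal plant, replace or remove directory entries.
    $writeMask = [Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'

    # 1. Walk the tree without descending through links; report each reparse point.
    $stack = [System.Collections.Stack]::new()
    $stack.Push((Get-Item -LiteralPath $LogDir -Force))
    while ($stack.Count -gt 0) {
        $item = $stack.Pop()
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            [pscustomobject]@{ Path = $item.FullName; Issue = 'ReparsePoint'
                               Detail = "$($item.LinkType) -> $($item.Target)" }
            continue
        }
        if ($item.PSIsContainer) {
            Get-ChildItem -LiteralPath $item.FullName -Force -ErrorAction SilentlyContinue |
                ForEach-Object { $stack.Push($_) }
        }
    }

    # 2. Report allow-ACEs giving other principals write/delete on the directory.
    foreach ($ace in (Get-Acl -LiteralPath $LogDir).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $writeMask) -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{ Path = $LogDir; Issue = 'UntrustedWriter'
                               Detail = "$($ace.IdentityReference): $($ace.FileSystemRights)" }
        }
    }
}

# Constructed demo: a scratch tree under %TEMP% with one junction in the "log" folder.
$demo = Join-Path $env:TEMP ("logaudit-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path "$demo\logs", "$demo\elsewhere" | Out-Null
New-Item -ItemType Junction -Path "$demo\logs\debug" -Target "$demo\elsewhere" | Out-Null
Find-LogLinkRisk -LogDir "$demo\logs" | Format-Table -AutoSize
(Get-Item "$demo\logs\debug").Delete()   # removes the junction itself, not its target
Remove-Item -LiteralPath $demo -Recurse -Force
```

An empty result means neither condition was found for that directory. ACEs expressed only as generic rights are not matched by the mask and need a manual look.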

Vulnerable Systems:

Symantec Endpoint Protection, prior to 14.3

CVE Information:

CVE-2020-5837

Disclosure Timeline:
Published Date: 5/11/2020
