Symantec Endpoint Protection prior to 14.3 Improper Privilege Management Vulnerability

Summary

Symantec Endpoint Protection (Windows Endpoint), prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection’s Tamper Protection feature is disabled.

Credit:

The information has been provided by Tobias Neitzel

The original article can be found at:https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762


Details

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection’s Tamper Protection feature is disabled.

 

Vulnerable Systems:

Symantec Endpoint Protection prior to 14.3

 

CVE Information:

CVE-2020-5836

 

Disclosure Timeline:
Published Date:5/11/2020

Categories: FeaturedNews