Norton SEP Multiple Issues
SYMSA1479
Last Updated September 23, 2019
Initial Publication Date April 15, 2019
- Status: Closed
- Severity: Medium
- CVSS Base Score: 6.7
readonly
Symantec has released updates to address issues that were discovered in the Norton Security, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products.
|
Norton Security for Windows |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-18366 CVE-2018-18369 |
Prior to 22.16.3 |
Upgrade to 22.16.3 (or higher) |
|
SEP (Windows Clients) |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-18366 |
Prior to and including 12.1 RU6 MP10, Prior to 14.2 RU1 |
Upgrade to 14.2 RU1 |
|
Symantec Endpoint Protection Manager (SEPM) |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-18367 |
Prior to and including 12.1 RU6 MP10, Prior to 14.2 RU1 |
Upgrade to 14.2 RU1 |
|
SEP for Mac Client |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-12244 |
Prior to and including 12.1 RU6 MP10, Prior to 14.2 RU1 |
Upgrade to 14.2 RU1 |
|
SEP Small Business Edition (SEP SBE) |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-18366 CVE-2018-18369 |
Prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002 |
Upgrade to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002 |
|
SEP Cloud |
||
|
CVE |
Affected Version(s) |
Remediation |
|
CVE-2018-18366 |
Prior to 22.16.3 |
Upgrade to 22.16.3 (or higher) |
|
CVE-2018-12244 |
|
|
Severity/CVSSv3: |
Medium / 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
|
References: Impact: |
Security Focus: BID 107999 / NVD: CVE-2018-12244 CSV/DDE Injection |
|
Description: |
SEP (Mac client) may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. |
|
CVE-2018-18366 |
|
|
Severity/CVSSv3: |
Medium / 4.3 AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
|
References: Impact: |
Security Focus: BID 107994 / NVD: CVE-2018-18366 Kernel Memory Disclosure |
|
Description: |
Norton Security, SEP, SEP SBE and SEP Cloud may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. |
|
CVE-2018-18367 |
|
|
Severity/CVSSv3: |
Medium / 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
References: Impact: |
Security Focus: BID 107996 / NVD: CVE-2018-18367 DLL Preloading |
|
Description: |
Symantec Endpoint Protection Manager (SEPM) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. |
|
CVE-2018-18369 |
|
|
Severity/CVSSv3: |
Medium / 6.4 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
References: Impact: |
Security Focus: BID 107997 / NVD: CVE-2018-18369 DLL Preloading |
|
Description: |
Norton (Windows client) & SEP SBE (Windows client) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. |
The aforementioned issues were validated by product team engineers. A set of product security updates to mitigate the listed issues are as follows:
- Norton Security for Windows version 22.16.3 (or higher)
- **Note for Window 7 users: please apply SP1 or higher
- Symantec Endpoint Protection (SEP) version 14.2 RU1
- In addition, a refresh of 14.2 MP1 (14.2.1057.0103) was released on August 21st, 2019 to address this issue. This is available upon request from Symantec Technical Support
- Symantec Endpoint Protection Manager (SEPM) version 14.2 RU1
- Symantec Endpoint Protection Small Business Edition (SEP SBE) versions Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002
- Symantec Endpoint Protection Cloud (SEP Cloud) version 22.16.3 (or higher)
Note that the latest releases of the mentioned products are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.
Symantec recommends the following measures to reduce risk of attack:
- Restrict access to administrative or management systems to authorized privileged users.
- Restrict remote access to trusted/authorized systems only.
- Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
- Keep all operating systems and applications current with vendor patches.
- Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.
- CVE-2018-12244: Ayushman Dutta
- CVE-2018-18366: Discovered by Marcin 'Icewall' Noga of Cisco Talos
- CVE-2018-18367: Ilias Dimopoulos <https://www.linkedin.com/in/dimopouloselias/> (a.k.a gweeperx)
- CVE-2018-18369: hujin@topsec
Subscribing will provide email updates when this Article is updated. Login is required.
-
Endpoint Protection
14.2 RU1
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Start Over
This will clear the history and restart the chat.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)