CVE-2016-6590

HIGH

Symantec IT Management Suite <8.0 HF4 & Suite 7.6 <7.6 HF7 - Privil...

Title source: llm
STIX 2.1

Description

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/94279
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037302
Vendor Advisory x_refsource_confirm
https://support.symantec.com/us/en/article.symsa1385.html

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (6)
symantec/encryption_desktop 10.0.0 - 10.4.1
symantec/endpoint_encryption 7.6
symantec/endpoint_encryption 7.0 - 7.6
symantec/ghost_solution_suite 3.1 (4 CPE variants)
symantec/it_management_suite 7.6
symantec/it_management_suite 8.0
Published Jan 08, 2020
Tracked Since Feb 18, 2026