CVE-2017-13681

HIGH

Symantec Endpoint Protection < 12.1 RU6 MP9 - Privilege Escalation

Title source: llm

Description

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039775

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101504

Issue Tracking, Third Party Advisory x_refsource_confirm

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00

Scores

CVSS v3 7.8

EPSS 0.0009

EPSS Percentile 24.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

symantec/endpoint_protection < 12.1

Symantec Corporation/Symantec Endpoint Protection Prior to SEP 12.1 RU6 MP9

Published Nov 06, 2017

Tracked Since Feb 18, 2026