CVE-2017-15534

MEDIUM

Norton App Lock < 1.3.0.13 - Authentication Bypass via App Termination

Title source: llm

Description

The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.

References (2)

Core 2

Core References

Mitigation, Vendor Advisory x_refsource_confirm

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103377

Scores

CVSS v3 6.7

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

symantec/norton_app_lock < 1.3.0.13

Published Mar 26, 2018

Tracked Since Feb 18, 2026