CVE-2018-18368

HIGH

Symantec Endpoint Protection Manager < 14.2 RU1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18368. PoCs published by DimopoulosElias.

AI-analyzed exploit summary: This exploit leverages a DLL preloading vulnerability in Symantec Endpoint Protection Manager (SEPM) 14 MP1.2, allowing a local attacker to escalate privileges to NT SERVICE\semwebsrv by placing a malicious DLL in C:\bin32\, which is loaded by php-cgi.exe during login.

Description

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Exploits (1)

nomisec WORKING POC 17 stars
by DimopoulosElias · poc
https://github.com/DimopoulosElias/SEPM-EoP

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Symantec Endpoint Protection Manager 14 MP1.2 (14.2.1023.0100)
No auth needed
Prerequisites: Local access to the target system · Ability to create directories and write files to C:\
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://support.symantec.com/us/en/article.SYMSA1488.html

Scores

CVSS v3: 7.8
EPSS: 0.0050
EPSS Percentile: 66.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-269
Status: published
Products (1): symantec/endpoint_protection_manager < 14.2
Published: Nov 15, 2019
Tracked Since: Feb 18, 2026