Description
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.symantec.com/us/en/article.SYMSA1488.html
Scores
CVSS v3
2.3
EPSS
0.0007
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (5)
symantec/endpoint_protection
11.0 (19 CPE variants)
symantec/endpoint_protection
12.1 (22 CPE variants)
symantec/endpoint_protection
14.0.0 (3 CPE variants)
symantec/endpoint_protection
14.0.1 (3 CPE variants)
symantec/endpoint_protection
14.2 (3 CPE variants)
Published
Nov 15, 2019
Tracked Since
Feb 18, 2026