CVE-2019-12758

MEDIUM

Symantec Endpoint Protection < 14.2 - Uncontrolled Search Path

Title source: rule

Description

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.

References (2)

[Exploit, Third Party Advisory] https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758

[Vendor Advisory] https://support.symantec.com/us/en/article.SYMSA1488.html

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

symantec/endpoint_protection < 14.2

symantec/endpoint_protection

Timeline

Published Nov 15, 2019

Tracked Since Feb 18, 2026