CVE-2001-1125

CWE-4943 documents3 sources

Severity

9.8CRITICAL

EPSS

3.5%

top 12.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Liveupdate

Timeline

PublishedOct 5

Latest updateApr 30

Description

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDsymantec/liveupdate< 1.6

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rhp-mjch-qq88: Symantec LiveUpdate before 1↗2022-04-30

▶

CVEList

CVE-2001-1125: Symantec LiveUpdate before 1↗2002-03-15

▶