CVE-2002-0344

3 documents3 sources

Severity

5.0MEDIUM

EPSS

1.9%

top 16.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Liveupdate

Timeline

PublishedJun 25

Latest updateApr 30

Description

Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsymantec/liveupdate1.5

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-m8ww-vg8v-xh9q: Symantec LiveUpdate 1↗2022-04-30

▶

CVEList

CVE-2002-0344: Symantec LiveUpdate 1↗2002-05-03

▶