CVE-2015-1492

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.5HIGH

EPSS

0.8%

top 25.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Manager

Timeline

PublishedAug 1

Latest updateMay 17

Description

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/endpoint_protection_manager12.1.0

🔴Vulnerability Details

GHSA

GHSA-wrh7-vv7r-8w3q: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12↗2022-05-17

▶

CVEList

CVE-2015-1492: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12↗2015-08-01

▶

💬Community

Bugzilla

CVE-2015-1855 ruby: OpenSSL extension hostname matching implementation violates RFC 6125↗2015-04-08

▶