CVE-2016-5311

CWE-4273 documents3 sources

Severity

7.8HIGH

EPSS

0.3%

top 49.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Symantec Endpoint Protection Cloud Symantec Norton 360 +6 more

Timeline

PublishedJan 9

Latest updateMay 24

Description

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶NVDsymantec/norton_security_with_backup< 22.7

▶NVDsymantec/norton_internet_security< 22.7

▶NVDsymantec/norton_antivirus_with_backup< 22.7

▶NVDsymantec/norton_security< 22.7

▶NVDsymantec/norton_antivirus< 22.7

🔴Vulnerability Details

GHSA

GHSA-g7qp-85xf-w4q4: A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup,↗2022-05-24

▶

CVEList

CVE-2016-5311: A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup,↗2020-01-09

▶