CVE-2016-6590

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 81.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Symantec Encryption DesktopSymantec Endpoint EncryptionSymantec Ghost Solution Suite+2 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5symantec/ghost_solution_suite3.1 prior to 3.1 MP4
CVEListV5symantec/it_management_suite8.0 prior to 8.0 HF4 and 7.6 prior to 7.6 HF7
NVDsymantec/encryption_desktop10.0.010.4.1

🔴Vulnerability Details

2
GHSA
GHSA-7j42-ggv7-2p5p: A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 82022-05-24
CVEList
CVE-2016-6590: A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 82020-01-08
CVE-2016-6590 (HIGH CVSS 7.8) | A privilege escalation vulnerabilit | cvebase.io