Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6331

4 documents4 sources

Severity

7.1HIGH

EPSS

0.8%

top 26.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Endpoint Protection Symantec Corporation Symantec Endpoint Protection

Timeline

PublishedNov 6

Latest updateMay 13

Description

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDsymantec/endpoint_protection< 14.0

▶CVEListV5symantec_corporation/symantec_endpoint_protectionPrior to SEP 14 RU1

🔴Vulnerability Details

GHSA

GHSA-p32x-gx9p-8798: Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses t↗2022-05-13

▶

CVEList

CVE-2017-6331: Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses t↗2017-11-06

▶

💥Exploits & PoCs

Exploit-DB

Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass↗2017-11-10

▶