CVE-2018-18366

CWE-908 — Use of Uninitialized Resource3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 75.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Cloud Symantec Endpoint Protection Cloud Agent Symantec Norton Security +5 more

Timeline

PublishedApr 25

Latest updateMay 24

Description

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages8 packages

▶NVDsymantec/endpoint_protection_cloud_agent< 3.00.31.2817

▶NVDsymantec/norton_security< 22.16.3

▶NVDsymantec/endpoint_protection_cloud< 22.16.3

▶CVEListV5symantec_corporation/sep_cloudPrior to 22.16.3

▶CVEListV5symantec_corporation/norton_securityPrior to 22.16.3

🔴Vulnerability Details

GHSA

GHSA-6mpj-9376-4g2w: Symantec Norton Security prior to 22↗2022-05-24

▶

CVEList

CVE-2018-18366: Symantec Norton Security prior to 22↗2019-04-25

▶