CVE-2018-18367

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.4%

top 39.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Corporation Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager

Timeline

PublishedApr 25

Latest updateMay 24

Description

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/endpoint_protection_manager5 versions+4

▶CVEListV5symantec_corporation/symantec_endpoint_protection_managerPrior to 14.2 RU1, Prior to and including 12.1 RU6 MP9+1

🔴Vulnerability Details

GHSA

GHSA-5v9p-r9hp-37jv: Symantec Endpoint Protection Manager (SEPM) prior to and including 12↗2022-05-24

▶

CVEList

CVE-2018-18367: Symantec Endpoint Protection Manager (SEPM) prior to and including 12↗2019-04-25

▶