CVE-2022-37015

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 33.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Detection AND Response

Timeline

PublishedNov 8

Latest updateNov 9

Description

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/endpoint_detection_and_response< 4.7.0

▶CVEListV5symantec_endpoint_detection_and_response4.6.x

🔴Vulnerability Details

GHSA

GHSA-f545-9c5v-qxgw: Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4↗2022-11-09

▶

CVEList

CVE-2022-37015: Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4↗2022-11-08

▶