Overview
- Description
- Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
- Source
- secure@symantec.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 2.9
- Impact score
- 2.5
- Exploitability score
- 0.4
- Vector string
- CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 4.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-254
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:*:mp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCE7769D-5CED-4365-93F3-0D4320470943",
"versionEndIncluding": "12.1.6"
}
],
"operator": "OR"
}
]
}
]