CVE-2018-18366

Published Apr 25, 2019
Last updated 4 years ago
CVSS medium 6.5
Overview

Description: Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
Source: secure@symantec.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 4
Exploitability score: 2
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-908
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5DDAD68-240B-4369-8D7D-B10239C54747"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D9F3D24-2F6B-4DBB-9BAD-B675F531B9C8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69DA24CB-9464-4DBA-9757-CBF3253D324C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5708D207-5F1E-4CC5-89B0-9872F8021736"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA616B75-7FAA-4DFF-9E3C-9BF05D90C4AA"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F728FD54-72A2-4C64-8EBA-AB516AFEB930"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7D78695-4229-4163-A937-30B0FB97568A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "665E9936-F11A-47C2-9919-7B9F236ED003"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EA8075B-DF2C-4A6C-B30D-405196C0E15C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506BD1F7-0B85-4DD2-A56B-6D84ECC1598B"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D9A4AF-B880-4AA3-B5A9-FB2F67AD8CDE"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56382DCA-103C-4833-A950-6DB90102F208"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0591908-0AD7-4DE6-B28D-DFA9CA6C29A0"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85E4AE96-9917-4674-B08D-B8B5DEADB58D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5DB21D2-0ACD-468B-8144-10FCD7DCB428"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9AD8898-62A9-40D1-9FA2-D980D5BB41DD"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5F57A5-EAE3-4553-98C1-38C11C04D178"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D3A7B5-3151-4442-B256-A60BC5A7915E"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD6A8A38-4199-4E73-894F-BA388FCA20EB"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF0DBAF4-95F3-4AA9-B9E6-4E9D9EEC56EE"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04378076-3B34-4F9F-AFE3-F740D6770C86"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63A3DDBE-9B09-44E3-A899-6F0C9C88CDC8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6EA05C-1748-4143-93A9-8CE5B336EA21"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "505C8AD8-E527-49F9-96AE-B9DAE32A634B"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E07ABDF7-6A4D-4CB1-8CA1-1708F25B89B8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8941F807-54BA-491B-B001-EC37843BAAB3"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29A8D0C5-9389-4340-879A-033ED39D6A5C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA24E896-329C-41DC-AF82-50D8479DE874"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C615B28-E03C-4DDC-A669-BADE920C0213"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E63D215D-0861-4128-9CDC-03ACF0B7BDFA"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5810456-C8B7-4716-8836-8C23CF0D8503"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9FEE5B1-CBF7-491E-B818-360C70EE6E1A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "931383D4-DE13-4E90-B9D3-EDAA157E9A0F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C10597C-BC98-46DF-A264-C6F782E22256"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FB5E6EE-0336-4C51-A348-DF6669D424F4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCBEC4B9-10F8-48B8-BE07-9646F4D15CF2"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7F7472F-8126-420C-B04E-112A01865804"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "309BB292-60D3-4D6A-A9EB-B1741A202162"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57354358-0C2D-4DE4-BE79-1EA80A20517C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "737E64E5-3F7B-4C5D-B1AB-54241D9C8852"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD3E3D04-80C5-46B6-A1AC-EF0AA15F9CB3"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE526090-27CE-4CA8-84FD-37973B75BE28"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4853BEBB-F207-489E-ABEB-AE2A8AEC2086"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E86D69CD-40A6-4F8E-8B07-41D6E3B8FD32"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C30BA87-1FD2-4CBE-AC8B-AA57B9AA91D6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3A02563-3A73-44E9-8169-5904B93CEB12"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D088B925-70DF-4CA1-B840-81C10F52049A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "901E887F-74DA-457B-A124-F3692CE76209"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22:*:*:*:small_business:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F562DF12-99D5-4111-9CD6-D1E5B7920225"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002:*:*:*:small_business:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33FAAF42-04C9-430C-8C9A-F707AB6B469C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31AFAAF0-ED33-4C9E-9708-456766A8A61F",
            "versionEndExcluding": "22.16.3"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*:*:*:*:small_business:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B36DE59-81E1-4800-96CB-C9281C15E2F5",
            "versionEndExcluding": "3.00.31.2817"
          },
          {
            "criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C50AD8-9816-4DDE-B8A7-1243BF2E56BF",
            "versionEndExcluding": "22.16.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
