Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-5837

Published: 11/05/2020 Updated: 14/05/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Symantec

Vulnerability Summary

Symantec Endpoint Protection, before 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

symantec endpoint protection

Github Repositories

https://github.com/RedyOpsResearchLabs/SEP-14.2-Arbitrary-Write

CVE-2020-5837 exploit

CVE-2020-5837 exploit The write up can be found in the blog of the RedyOps Labs: labsredyopscom/indexphp/2020/04/27/symantec-endpoint-protection-sep-14-2-eop-via-arbitrary-write/ Third Party Tools This exploit code, is heavily based on symboliclink-testing-tools which was Developed by James Forshaw The symboliclink-testing-tools can be found here: githubcom

References

CWE-59https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762https://nvd.nist.govhttps://github.com/RedyOpsResearchLabs/SEP-14.2-Arbitrary-Write
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook