CVE-2015-8801

Published: Jun 30, 2016Modified: May 6, 2026

2.9

Vector

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 0.4 / Impact: 2.5

Source: NVD

Description

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

Affected (1)

Products: Symantec: Endpoint Protection Manager

1 product

Endpoint Protection Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Symantec Endpoint Protection Manager	Up to 12.1.6

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://www.securityfocus.com/bid/91446

Source: secure@symantec.com

http://www.securitytracker.com/id/1036196

Source: secure@symantec.com

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/91446

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036196

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.