← Back

CVE-2016-6590

nvd nist
Published: Jan 8, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Affected (9)

Symantec
4 products
Encryption Desktop
Endpoint Encryption
Ghost Solution Suite
It Management Suite
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Encryption Desktop
From 10.0.0 to 10.4.1
Symantec
Endpoint Encryption
From 7.0 to 7.6
Endpoint Encryption
Version 7.6
Symantec
Ghost Solution Suite
Version 3.1
Ghost Solution Suite
Version 3.1 maintenance_pack1
Ghost Solution Suite
Version 3.1 maintenance_pack2
Ghost Solution Suite
Version 3.1 maintenance_pack3
Symantec
It Management Suite
Version 7.6
It Management Suite
Version 8.0

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

Source: secure@symantec.com
Third Party AdvisoryVDB Entry
Source: secure@symantec.com
Third Party AdvisoryVDB Entry
Source: secure@symantec.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.