Vulnerabilities > CVE-2022-37017 - Unspecified vulnerability in Broadcom Symantec Endpoint Protection

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

broadcom

NVD

Published: 2022-12-01

Updated: 2023-08-08

Summary

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Symantec Endpoint Protection 14.3 Broadcom Symantec Endpoint Protection 14.3.1 Broadcom Symantec Endpoint Protection 14.3.1.1 Broadcom Symantec Endpoint Protection 14.3.2 Broadcom Symantec Endpoint Protection 14.3.3 Broadcom Symantec Endpoint Protection 14.3.4 Broadcom Symantec Endpoint Protection 14.3.5	7

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21014