CVE Vulnerabilities

CVE-2016-6590

Improper Privilege Management

Published: Jan 08, 2020 | Modified: Jan 21, 2020
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Encryption_desktop Symantec 10.0.0 (including) 10.4.1 (excluding)
Endpoint_encryption Symantec 7.0 (including) 7.6 (excluding)
Endpoint_encryption Symantec 7.6 (including) 7.6 (including)
Ghost_solution_suite Symantec 3.1 (including) 3.1 (including)
Ghost_solution_suite Symantec 3.1-maintenance_pack1 (including) 3.1-maintenance_pack1 (including)
Ghost_solution_suite Symantec 3.1-maintenance_pack2 (including) 3.1-maintenance_pack2 (including)
Ghost_solution_suite Symantec 3.1-maintenance_pack3 (including) 3.1-maintenance_pack3 (including)
It_management_suite Symantec 7.6 (including) 7.6 (including)
It_management_suite Symantec 8.0 (including) 8.0 (including)

Potential Mitigations

References