CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Encryption_desktop	Symantec	10.0.0 (including)	10.4.1 (excluding)
Endpoint_encryption	Symantec	7.0 (including)	7.6 (excluding)
Endpoint_encryption	Symantec	7.6 (including)	7.6 (including)
Ghost_solution_suite	Symantec	3.1 (including)	3.1 (including)
Ghost_solution_suite	Symantec	3.1-maintenance_pack1 (including)	3.1-maintenance_pack1 (including)
Ghost_solution_suite	Symantec	3.1-maintenance_pack2 (including)	3.1-maintenance_pack2 (including)
Ghost_solution_suite	Symantec	3.1-maintenance_pack3 (including)	3.1-maintenance_pack3 (including)
It_management_suite	Symantec	7.6 (including)	7.6 (including)
It_management_suite	Symantec	8.0 (including)	8.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6590
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

References

CVE-2016-6590

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References