The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Endpoint Encryption

vulnerability bulletin CVE-2019-9702 CVE-2019-9703

Symantec Endpoint Encryption, Symantec Encryption Desktop: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption or Symantec Encryption Desktop, in order to escalate his privileges.
Impacted products: Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/07/2019.
Identifiers: CVE-2019-9702, CVE-2019-9703, SYMSA1485, VIGILANCE-VUL-29663.

Description of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption or Symantec Encryption Desktop, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2019-9694

Symantec Endpoint Encryption: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption, in order to escalate his privileges.
Impacted products: Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/04/2019.
Identifiers: CVE-2019-9694, SYMSA1478, VIGILANCE-VUL-28978.

Description of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability 24640

Symantec Encryption Desktop, Endpoint Encryption: privilege escalation via NTFS Hard Disk

Synthesis of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Impacted products: Symantec Encryption Desktop, Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/12/2017.
Identifiers: VIGILANCE-VUL-24640.

Description of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-15525 CVE-2017-15526

Symantec Endpoint Encryption: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Encryption.
Impacted products: Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/11/2017.
Identifiers: CVE-2017-15525, CVE-2017-15526, SYM17-012, VIGILANCE-VUL-24424.

Description of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Encryption.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-13675 CVE-2017-13683

Symantec Endpoint Encryption: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Symantec Endpoint Encryption, in order to trigger a denial of service.
Impacted products: Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/10/2017.
Identifiers: CVE-2017-13675, CVE-2017-13683, SYM17-010, VIGILANCE-VUL-24066.

Description of the vulnerability

An attacker can generate a fatal error of Symantec Endpoint Encryption, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-8156

Symantec Endpoint Encryption: privilege escalation via EEDService

Synthesis of the vulnerability

A local attacker can put a malicious DLL in the path of EEDService of Symantec Endpoint Encryption, in order to escalate his privileges.
Impacted products: Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2016.
Identifiers: BID-90050, CVE-2015-8156, SYM16-006, VIGILANCE-VUL-19563.

Description of the vulnerability

The Symantec Endpoint Encryption product installs the EEDService service.

However, the access path to a DLL is not quoted.

A local attacker can therefore put a malicious DLL in the path of EEDService of Symantec Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-6556

Symantec Endpoint Encryption: information disclosure via Client Memory Dump

Synthesis of the vulnerability

A local attacker can force a Memory Dump of Symantec Endpoint Encryption, in order to obtain sensitive information, to access to SEE Management Server.
Impacted products: Symantec Endpoint Encryption.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: user shell.
Creation date: 15/12/2015.
Identifiers: BID-78803, CVE-2015-6556, SYM15-012, VIGILANCE-VUL-18523.

Description of the vulnerability

The Symantec Endpoint Encryption product is installed on client computers, and stores the password to access to SEEMS (SEE Management Server).

However, an attacker can dump the process memory, and read this credentials.

A local attacker can therefore force a Memory Dump of Symantec Endpoint Encryption, in order to obtain sensitive information, to access to SEE Management Server.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Symantec Endpoint Encryption: