CVE-2018-18366

{"id": "CVE-2018-18366", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2019-04-25T20:29:02.177", "references": [{"url": "http://www.securityfocus.com/bid/107994", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@symantec.com"}, {"url": "https://support.symantec.com/en_US/article.SYMSA1479.html", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."}, {"lang": "es", "value": "Symantec Norton Security, versiones anteriores a 22.16.3, SEP (cliente Windows) versiones anteriores e incluyendo a 12.1 RU6 MP9 y anteriores a 14.2 RU1, SEP SBE anteriores a Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 y SEP Cloud en versiones anteriores a 22.16.3 pueden ser susceptibles a una revelaci\u00f3n de la memoria del n\u00facleo, que es un tipo de problema en el que una petici\u00f3n IRP especialmente dise\u00f1ada puede hacer que el controlador devuelva la memoria no inicializada."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "D5DDAD68-240B-4369-8D7D-B10239C54747"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3D9F3D24-2F6B-4DBB-9BAD-B675F531B9C8"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "69DA24CB-9464-4DBA-9757-CBF3253D324C"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5708D207-5F1E-4CC5-89B0-9872F8021736"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "DA616B75-7FAA-4DFF-9E3C-9BF05D90C4AA"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F728FD54-72A2-4C64-8EBA-AB516AFEB930"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C7D78695-4229-4163-A937-30B0FB97568A"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "665E9936-F11A-47C2-9919-7B9F236ED003"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5EA8075B-DF2C-4A6C-B30D-405196C0E15C"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "506BD1F7-0B85-4DD2-A56B-6D84ECC1598B"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "46D9A4AF-B880-4AA3-B5A9-FB2F67AD8CDE"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "56382DCA-103C-4833-A950-6DB90102F208"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E0591908-0AD7-4DE6-B28D-DFA9CA6C29A0"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "85E4AE96-9917-4674-B08D-B8B5DEADB58D"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E5DB21D2-0ACD-468B-8144-10FCD7DCB428"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E9AD8898-62A9-40D1-9FA2-D980D5BB41DD"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FC5F57A5-EAE3-4553-98C1-38C11C04D178"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "76D3A7B5-3151-4442-B256-A60BC5A7915E"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CD6A8A38-4199-4E73-894F-BA388FCA20EB"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "BF0DBAF4-95F3-4AA9-B9E6-4E9D9EEC56EE"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "04378076-3B34-4F9F-AFE3-F740D6770C86"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "63A3DDBE-9B09-44E3-A899-6F0C9C88CDC8"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "BD6EA05C-1748-4143-93A9-8CE5B336EA21"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "505C8AD8-E527-49F9-96AE-B9DAE32A634B"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E07ABDF7-6A4D-4CB1-8CA1-1708F25B89B8"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "8941F807-54BA-491B-B001-EC37843BAAB3"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "29A8D0C5-9389-4340-879A-033ED39D6A5C"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "BA24E896-329C-41DC-AF82-50D8479DE874"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3C615B28-E03C-4DDC-A669-BADE920C0213"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E63D215D-0861-4128-9CDC-03ACF0B7BDFA"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E5810456-C8B7-4716-8836-8C23CF0D8503"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C9FEE5B1-CBF7-491E-B818-360C70EE6E1A"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "931383D4-DE13-4E90-B9D3-EDAA157E9A0F"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3C10597C-BC98-46DF-A264-C6F782E22256"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "8FB5E6EE-0336-4C51-A348-DF6669D424F4"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "DCBEC4B9-10F8-48B8-BE07-9646F4D15CF2"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F7F7472F-8126-420C-B04E-112A01865804"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "309BB292-60D3-4D6A-A9EB-B1741A202162"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "57354358-0C2D-4DE4-BE79-1EA80A20517C"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "737E64E5-3F7B-4C5D-B1AB-54241D9C8852"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "DD3E3D04-80C5-46B6-A1AC-EF0AA15F9CB3"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FE526090-27CE-4CA8-84FD-37973B75BE28"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4853BEBB-F207-489E-ABEB-AE2A8AEC2086"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E86D69CD-40A6-4F8E-8B07-41D6E3B8FD32"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4C30BA87-1FD2-4CBE-AC8B-AA57B9AA91D6"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F3A02563-3A73-44E9-8169-5904B93CEB12"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "D088B925-70DF-4CA1-B840-81C10F52049A"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "901E887F-74DA-457B-A124-F3692CE76209"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22:*:*:*:small_business:*:*:*", "vulnerable": true, "matchCriteriaId": "F562DF12-99D5-4111-9CD6-D1E5B7920225"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002:*:*:*:small_business:*:*:*", "vulnerable": true, "matchCriteriaId": "33FAAF42-04C9-430C-8C9A-F707AB6B469C"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31AFAAF0-ED33-4C9E-9708-456766A8A61F", "versionEndExcluding": "22.16.3"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*:*:*:*:small_business:*:*:*", "vulnerable": true, "matchCriteriaId": "5B36DE59-81E1-4800-96CB-C9281C15E2F5", "versionEndExcluding": "3.00.31.2817"}, {"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C5C50AD8-9816-4DDE-B8A7-1243BF2E56BF", "versionEndExcluding": "22.16.3"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}