CVE-2016-9093

Severity Score

7.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.

Una versión del controlador SymEvent que se distribuye con Symantec Endpoint Protection 12.1 RU6 MP6 y anteriores no sanea correctamente las entradas de un usuario que haya iniciado sesión. SEP 14.0 y siguientes no se ha visto afectado por este problema. Un usuario no administrativo tendría que ser capaz de guardar un archivo ejecutable en el disco y, después, ejecutarlo con éxito. Si se construye correctamente, el archivo podría acceder a la interfaz del controlador y manipular ciertas llamadas del sistema. En todos los sistemas de 32 bits y, en la mayoría de casos, en sistemas de 64 bits, esto resultará en una denegación de servicio (DoS) que provocará el cierre inesperado del sistema. En circunstancias muy concretas, y solo en sistemas de 64 bits, esto podría permitir que el usuario ejecute código arbitrario en la máquina local con privilegios de nivel de kernel. Esto podría resultar en que un usuario no privilegiado obtenga acceso privilegiado en la máquina local.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-10-28 CVE Reserved
2018-04-16 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/96294	Third Party Advisory
http://www.securitytracker.com/id/1037961	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00	2018-05-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				<= 12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version " <= 12.1.6"		-		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp1		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp1a		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp2		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp3		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp4		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp5		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp6		Affected