// For flags

CVE-2019-18374

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.

Symantec Critical System Protection (CSP), versiones 8.0, 8.0 HF1 y 8.0 MP1, pueden ser susceptibles a una vulnerabilidad de omisión de autenticación, que es un tipo de problema que puede potencialmente permitir a un actor de amenazas omitir los controles de autenticación existentes.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-23 CVE Reserved
  • 2019-11-25 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://support.symantec.com/us/en/article.SYMSA1498.html 2021-08-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Broadcom
Search vendor "Broadcom"
 Symantec Critical System Protection
Search vendor "Broadcom" for product "Symantec Critical System Protection"
 8.0.0
Search vendor "Broadcom" for product "Symantec Critical System Protection" and version "8.0.0"
-
Affected
Broadcom
Search vendor "Broadcom"
 Symantec Critical System Protection
Search vendor "Broadcom" for product "Symantec Critical System Protection"
 8.0.0
Search vendor "Broadcom" for product "Symantec Critical System Protection" and version "8.0.0"
hotfix1
Affected
Broadcom
Search vendor "Broadcom"
 Symantec Critical System Protection
Search vendor "Broadcom" for product "Symantec Critical System Protection"
 8.0.0
Search vendor "Broadcom" for product "Symantec Critical System Protection" and version "8.0.0"
mp1
Affected