CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-12238

HIGH
7.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile7.62th
Published2018年11月29日
Last Modified2024年11月21日

Vulnerability Description

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.

Affected Platforms (CPE)

📦
Symantec

Endpoint Protection

>= 11.0 and < 12.1.7454.7000
📦
Symantec

Endpoint Protection

>= 14.0 and <= 14.2
📦
Symantec

Endpoint Protection Cloud

< 22.15.1
📦
Symantec

Norton Antivirus

< 22.15

References & Advisories

🔗 http://www.securityfocus.com/bid/105917
🔗 https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html
🔗 http://www.securityfocus.com/bid/105917
🔗 https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html

関連する脆弱性情報

CVE-2009-142910.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-367839.9

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project...

CVE-2021-385409.8

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to...