CVE-2018-18366 Information

Description

Symantec Norton Security prior to 22.16.3 SEP (Windows client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 SEP SBE prior to Cloud Agent 3.00.31.2817 NIS-22.15.2.22 SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/107994 https://support.symantec.com/en_US/article.SYMSA1479.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5