CVE-2018-18368 : Security Advisory and Response

Symantec Endpoint Protection Manager (SEPM) version before 14.2 RU1 has a vulnerability that can be exploited for privilege escalation.

Understanding CVE-2018-18368

Symantec Endpoint Protection Manager (SEPM) is susceptible to a privilege escalation vulnerability, allowing attackers to gain higher access to protected resources.

What is CVE-2018-18368?

CVE-2018-18368 is a vulnerability in Symantec Endpoint Protection Manager (SEPM) prior to version 14.2 RU1 that enables attackers to potentially escalate privileges within the software.

The Impact of CVE-2018-18368

This vulnerability could be exploited by attackers to compromise the SEPM application and access resources typically restricted from users or applications.

Technical Details of CVE-2018-18368

Symantec Endpoint Protection Manager (SEPM) version before 14.2 RU1 is affected by this privilege escalation vulnerability.

Vulnerability Description

The vulnerability in SEPM allows attackers to attempt to compromise the software application to gain elevated access to protected resources.

Affected Systems and Versions

Product: Symantec Endpoint Protection Manager (SEPM)
Versions Affected: Prior to 14.2 RU1

Exploitation Mechanism

Attackers can exploit this vulnerability to gain unauthorized access to resources within the SEPM application.

Mitigation and Prevention

To address CVE-2018-18368, consider the following steps:

Immediate Steps to Take

Update SEPM to version 14.2 RU1 or later to mitigate the vulnerability.
Monitor for any unauthorized access or unusual activities within the SEPM application.

Long-Term Security Practices

Regularly update and patch SEPM to ensure the latest security fixes are in place.
Implement strong access controls and user permissions to limit potential privilege escalation.

Patching and Updates

Ensure timely installation of security patches and updates for SEPM to prevent exploitation of known vulnerabilities.