Vulnerability Details : CVE-2016-6590
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
Vulnerability category: Execute codeGain privilege
Products affected by CVE-2016-6590
- cpe:2.3:a:symantec:encryption_desktop:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_encryption:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_encryption:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:it_management_suite:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:it_management_suite:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:ghost_solution_suite:3.1:-:*:*:*:*:*:*
- cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack1:*:*:*:*:*:*
- cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack2:*:*:*:*:*:*
- cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6590
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6590
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-6590
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6590
-
https://support.symantec.com/us/en/article.symsa1385.html
DLL Loading Issue in Symantec Enterprise ProductsVendor Advisory
-
http://www.securitytracker.com/id/1037302
Symantec Ghost Suite DLL Loading Error Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/94279
Multiple Symantec Products CVE-2016-6590 DLL Loading Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to