CVE-2018-12244 : SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may b

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

Published 2019-04-25 19:29:00

Updated 2020-08-24 17:37:01

Source Symantec Corporation

View at NVD, CVE.org

Products affected by CVE-2018-12244

Symantec » Endpoint Protection » Version: 14.2 Update MP1 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14.0.1 Update MP1 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU1 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU2 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru4-mp1a For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru4a For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp5 For Mac Os X
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:mac_os_x:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp7 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Mr4-mp2 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update RU6 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update RU7 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru7-mp2 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru2-mp1 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU3 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU4 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru4-mp1 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update MR1 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update MR2 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update MR3 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru7-mp4 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru7-mp4a For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14.0.1 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14.0.0 Update MP2 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14 Update MP1 For Macos
cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14 For Macos
cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU6 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp1 For Mac Os X
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:mac_os_x:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp2 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp3 For Mac Os X
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:mac_os_x:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru6-mp1 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru6-mp2 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru6-mp3 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru6a For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14.2 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 14.0.1 Update MP2 For Macos
cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp10 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru1-mp1 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru4-mp1b For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update RU5 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp4 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp6 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1 Update Ru6-mp8 For Macos
cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update MR4 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update RU5 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ru7-mp1 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:macos:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0 Update Ry7-mp3 For Macos
cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:macos:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-12244

EPSS FAQ

0.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 61 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12244

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	2.8	3.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2018-12244

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-12244

https://www.securityfocus.com/bid/107999

Symantec Endpoint Protection CVE-2018-12244 Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://support.symantec.com/en_US/article.SYMSA1479.html

Norton SEP Multiple Issues
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-12244

Products affected by CVE-2018-12244

Exploit prediction scoring system (EPSS) score for CVE-2018-12244

CVSS scores for CVE-2018-12244

CWE ids for CVE-2018-12244

References for CVE-2018-12244