CVE-2018-18363 : Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In th

Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.

Published 2019-01-24 20:29:00

Updated 2019-10-03 00:03:26

Source Symantec Corporation

View at NVD, CVE.org

Products affected by CVE-2018-18363

Symantec » Norton App Lock
Versions before (<) 1.4.0.445
cpe:2.3:a:symantec:norton_app_lock:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-18363

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-18363

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.2	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.3	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-18363

https://support.symantec.com/en_US/article.SYMSA1473.html

Norton App Lock Bypass
Mitigation;Vendor Advisory
http://www.securityfocus.com/bid/106450

Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability
VDB Entry;Third Party Advisory

Jump to

Vulnerability Details : CVE-2018-18363

Products affected by CVE-2018-18363

Exploit prediction scoring system (EPSS) score for CVE-2018-18363

CVSS scores for CVE-2018-18363

References for CVE-2018-18363