CVE-2011-3477

GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/47822	Third Party Advisory VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20111109_00	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:backup_exec_system_recovery:8.5:::::::*
	cpe:2.3:a:symantec:backup_exec_system_recovery:9.0:::::::*
	cpe:2.3:a:symantec:backup_exec_system_recovery:2010:::::::*
	cpe:2.3:a:symantec:norton_360:5.0:::::::*
	cpe:2.3:a:symantec:norton_ghost::::::::
	cpe:2.3:a:symantec:system_recovery_2011:10.0:::::::*

History

No history.

Information

Published : 2018-02-19 19:29

Updated : 2024-02-28 16:25

NVD link : CVE-2011-3477

Mitre link : CVE-2011-3477

CVE.ORG link : CVE-2011-3477

JSON object : View

Products Affected

symantec

system_recovery_2011
backup_exec_system_recovery
norton_360
norton_ghost

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-3477", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-02-19T19:29:00.267", "references": [{"url": "http://www.securityfocus.com/bid/47822", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20111109_00", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors."}, {"lang": "es", "value": "GEAR Software CD DVD Filter driver (tambi\u00e9n conocido como GEARAspiWDM.sys), tal y como se usa en Symantec Backup Exec System Recovery 8.5 y BESR 2010, Symantec System Recovery 2011, Norton 360 y Norton Ghost, permite que los usuarios locales provoquen una denegaci\u00f3n de servicio (cierre inesperado del sistema) mediante vectores no especificados."}], "lastModified": "2018-03-21T14:35:53.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:backup_exec_system_recovery:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26C55BD3-FB64-42B4-9592-387D3B2807D7"}, {"criteria": "cpe:2.3:a:symantec:backup_exec_system_recovery:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094615A2-E362-4944-BD12-7F048B4B824D"}, {"criteria": "cpe:2.3:a:symantec:backup_exec_system_recovery:2010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1C9194-DB47-430B-A0FA-1E5233305D9C"}, {"criteria": "cpe:2.3:a:symantec:norton_360:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "773EC02D-BAE6-4E24-BC28-8A55394B5AB2"}, {"criteria": "cpe:2.3:a:symantec:norton_ghost:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47893F2E-06CD-4C8F-87D0-BECAEF97D3F3", "versionEndIncluding": "15.0"}, {"criteria": "cpe:2.3:a:symantec:system_recovery_2011:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "635790E9-3511-4215-9F24-F7C736B5DB24"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}