CVE-2017-15534

The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/103377	Third Party Advisory VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:symantec:norton_app_lock:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-26 16:29

Updated : 2024-02-28 16:25

NVD link : CVE-2017-15534

Mitre link : CVE-2017-15534

CVE.ORG link : CVE-2017-15534

JSON object : View

Products Affected

symantec

norton_app_lock

CWE

CWE-287

Improper Authentication

{"id": "CVE-2017-15534", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2018-03-26T16:29:00.223", "references": [{"url": "http://www.securityfocus.com/bid/103377", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@symantec.com"}, {"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00", "tags": ["Mitigation", "Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access."}, {"lang": "es", "value": "Norton App Lock en versiones anteriores a la 1.3.0.13 puede ser vulnerable a un exploit de omisi\u00f3n de autenticaci\u00f3n En este caso espec\u00edfico, el exploit puede permitir al usuario forzar el cierre de la aplicaci\u00f3n para evitar que bloquee el dispositivo y, de ese modo, permitir al individuo obtener acceso a \u00e9l."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:norton_app_lock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70C63C19-EAAB-4BC6-ACAD-B7D5F11663EE", "versionEndExcluding": "1.3.0.13"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}