Lucene search

SymantecCVE-2018-18364

HistoryFeb 08, 2019 - 5:29 p.m.

CVE-2018-18364

2019-02-0817:29:00

CWE-426

symantec

web.nvd.nist.gov

symantec

gss

cve-2018-18364

vulnerability

dll hijacking

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

14.1%

JSON

Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.

Affected configurations

Nvd

Node

symantecghost_solution_suiteMatch2.0

symantecghost_solution_suiteMatch2.5

symantecghost_solution_suiteMatch3.0

symantecghost_solution_suiteMatch3.0hf1

symantecghost_solution_suiteMatch3.0hf2

symantecghost_solution_suiteMatch3.0hf3

symantecghost_solution_suiteMatch3.0hf4

symantecghost_solution_suiteMatch3.0hf5

symantecghost_solution_suiteMatch3.1

symantecghost_solution_suiteMatch3.1mp1

symantecghost_solution_suiteMatch3.1mp2

symantecghost_solution_suiteMatch3.1mp3

symantecghost_solution_suiteMatch3.1mp4

symantecghost_solution_suiteMatch3.1mp5

symantecghost_solution_suiteMatch3.1mp6

symantecghost_solution_suiteMatch3.2

symantecghost_solution_suiteMatch3.2ru1

symantecghost_solution_suiteMatch3.2ru2

symantecghost_solution_suiteMatch3.2ru3

symantecghost_solution_suiteMatch3.2ru4

symantecghost_solution_suiteMatch3.2ru5

symantecghost_solution_suiteMatch3.2ru6

symantecghost_solution_suiteMatch3.2ru7

symantecghost_solution_suiteMatch3.3

VendorProductVersionCPE
symantecghost_solution_suite2.0cpe:2.3:a:symantec:ghost_solution_suite:2.0:*:*:*:*:*:*:*
symantecghost_solution_suite2.5cpe:2.3:a:symantec:ghost_solution_suite:2.5:*:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:*:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf1:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf2:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf3:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf4:*:*:*:*:*:*
symantecghost_solution_suite3.0cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf5:*:*:*:*:*:*
symantecghost_solution_suite3.1cpe:2.3:a:symantec:ghost_solution_suite:3.1:*:*:*:*:*:*:*
symantecghost_solution_suite3.1cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	ghost_solution_suite	2.0	cpe:2.3:a:symantec:ghost_solution_suite:2.0:::::::*
symantec	ghost_solution_suite	2.5	cpe:2.3:a:symantec:ghost_solution_suite:2.5:::::::*
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:::::::*
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf1::::::
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf2::::::
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf3::::::
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf4::::::
symantec	ghost_solution_suite	3.0	cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf5::::::
symantec	ghost_solution_suite	3.1	cpe:2.3:a:symantec:ghost_solution_suite:3.1:::::::*
symantec	ghost_solution_suite	3.1	cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp1::::::

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "Ghost Solution Suite (GSS)",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 3.3 RU1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106684

support.symantec.com/en_US/article.SYMSA1474.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

14.1%

JSON

Related for CVE-2018-18364