Symantec has released an update to address an issue that was discovered in the Symantec Endpoint Encryption product.
Symantec Endpoint Encryption
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-9694
|
Prior to SEE 11.2.1 MP1
|
Upgrade to SEE 11.2.1 MP1
CVE-2019-9694
Severity/CVSSv3:
|
Medium / 4.8 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
References:
Impact:
|
Security Focus: BID 107653 / NVD: CVE-2019-9694
Privilege Escalation
Description:
|
Symantec Endpoint Encryption may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
The mentioned issue was validated by the product team engineers. A Symantec Endpoint Encryption update, version SEE 11.2.1 MP1, has been released which addresses the aforementioned issue. Please note that this issue is only applicable in cases where Symantec Endpoint Encryption is being used to manage BitLocker. The latest releases and patches for Symantec Endpoint Encryption are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.
Symantec recommends the following measures to reduce risk of attack: