Vulnerability Description
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | 11.0 |
| Symantec | Endpoint Protection Cloud | < 22.16.3 |
| Symantec | Endpoint Protection Cloud Agent | < 3.00.31.2817 |
| Symantec | Norton Security | < 22.16.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107994Third Party AdvisoryVDB Entry
- https://support.symantec.com/en_US/article.SYMSA1479.htmlVendor Advisory
- http://www.securityfocus.com/bid/107994Third Party AdvisoryVDB Entry
- https://support.symantec.com/en_US/article.SYMSA1479.htmlVendor Advisory
FAQ
What is CVE-2018-18366?
CVE-2018-18366 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.700...
How severe is CVE-2018-18366?
CVE-2018-18366 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18366?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection, Symantec Endpoint Protection Cloud, Symantec Endpoint Protection Cloud Agent, Symantec Norton Security.