[German]There are serious vulnerabilities in older versions (before 14.3) of Endpoint Protection and Endpoint Protection Manager for Windows that allow the system to take over. Symantec has released updates for these products.
Symantec has already released this Security-Advisory on the topic on 11 May 2020. The developers have released updates to address issues discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM) products. The vulnerabilities are as follows:
Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5833, CVE-2020-5834, CVE-2020-5835: Versions prior to 14.3 are affected and administrators should update to version 14.3 to close the vulnerabilities.
Symantec Endpoint Protection (SEP)
CVE-2020-5836, CVE-2020-5837: Versions prior to 14.3 are affected and administrators should update to version 14.3 to close the vulnerabilities.
Details of the individual vulnerabilities, of which only one is listed as critical, can be found in the Security-Advisory. It is unclear whether the products are affected for all operating systems like Linux, macOS and Windows, as heise writes here.
Cookies helps to fund this blog: Cookie settings