SEP Agent PrivEsc: Windows Privilege Escalation via Vulnerable Update
CVE-2022-37016 Published on December 1, 2022
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Vulnerability Analysis
CVE-2022-37016 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2022-37016
stack.watch emails you whenever new vulnerabilities are published in Broadcom Symantec Endpoint Protection or Symantec Endpoint Protection. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.