nvd-json-data-feeds/CVE-2015/CVE-2015-88xx/CVE-2015-8801.json

{
  "id": "CVE-2015-8801",
  "sourceIdentifier": "secure@symantec.com",
  "published": "2016-06-30T23:59:00.150",
  "lastModified": "2017-09-01T01:29:01.380",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios locales eludir restricciones destinadas a transferir archivo a USB llevando a cabo operaciones de sistema de archivos antes de que el administrador de dispositivos SEP reconozca un nuevo dispositivo USB."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "PHYSICAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 2.9,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 0.4,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:*:mp4:*:*:*:*:*:*",
              "versionEndIncluding": "12.1.6",
              "matchCriteriaId": "DCE7769D-5CED-4365-93F3-0D4320470943"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/91446",
      "source": "secure@symantec.com"
    },
    {
      "url": "http://www.securitytracker.com/id/1036196",
      "source": "secure@symantec.com"
    },
    {
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01",
      "source": "secure@symantec.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}