Vulnerability Details CVE-2018-18366
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 2.1
References
Products affected by CVE-2018-18366
-
cpe:2.3:a:symantec:endpoint_protection:11.0
-
cpe:2.3:a:symantec:endpoint_protection:12.1
-
cpe:2.3:a:symantec:endpoint_protection:14
-
cpe:2.3:a:symantec:endpoint_protection:14.0.0
-
cpe:2.3:a:symantec:endpoint_protection:14.0.1
-
cpe:2.3:a:symantec:endpoint_protection:14.2
-
cpe:2.3:a:symantec:endpoint_protection:nis-22.15.2.22
-
cpe:2.3:a:symantec:endpoint_protection:sep-12.1.7484.7002
-
cpe:2.3:a:symantec:endpoint_protection_cloud:*
-
cpe:2.3:a:symantec:endpoint_protection_cloud_agent:*
-
cpe:2.3:a:symantec:norton_security:*