CVE-2015-8801 | Date: (C)2016-08-25 (M)2023-12-22 |
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 2.9 | CVSS Score : 3.3 |
Exploit Score: 0.4 | Exploit Score: 3.4 |
Impact Score: 2.5 | Impact Score: 4.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: PHYSICAL | Access Vector: LOCAL |
Attack Complexity: HIGH | Access Complexity: MEDIUM |
Privileges Required: LOW | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: LOW | Availability: NONE |
Integrity: LOW | |
Availability: NONE | |
| |