-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2370
        SYMSA1485-Symantec Endpoint Encryption Privilege Escalation
                                1 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Symantec Endpoint Encryption
Publisher:         Symantec
Operating System:  Windows
                   Mac OS
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9703 CVE-2019-9702 

Original Bulletin: 
   http://support.symantec.com/content/unifiedweb/us/en/article.SYMSA1485.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SYMSA1485

Symantec Endpoint Encryption Privilege Escalation

Last Updated June 28, 2019
Initial Publication Date June 17, 2019


  o Status: Closed
  o Severity: Medium
  o CVSS Base Score: 6.5



Summary

Affected Products

+-------------------------------------------------------+
|Symantec Endpoint Encryption (SEE)                     |
+-------------+-------------------+---------------------+
|CVE          |Affected Version(s)|Remediation          |
+-------------+-------------------+---------------------+
|CVE-2019-9702|                   |                     |
|             |Prior to SEE 11.3.0|Upgrade to SEE 11.3.0|
|CVE-2019-9703|                   |                     |
+-------------+-------------------+---------------------+

+-------------------------------------------------------+
|Symantec Encryption Desktop (SED)                      |
+-------------+-------------------+---------------------+
|CVE          |Affected Version(s)|Remediation          |
+-------------+-------------------+---------------------+
|CVE-2019-9702|                   |Migrate to SEE 11.3.0|
|             |All versions       |                     |
|CVE-2019-9703|                   |(See above)          |
+-------------+-------------------+---------------------+

Issues

+-----------------------------------------------------------------------------+
|CVE-2019-9702                                                                |
+------------+----------------------------------------------------------------+
|Severity/   |Medium / 6.5 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H                |
|CVSSv3:     |                                                                |
+------------+----------------------------------------------------------------+
|References: |Security Focus: BID 108795 / NVD: CVE-2019-9702                 |
|            |                                                                |
|Impact:     |Privilege Escalation                                            |
+------------+----------------------------------------------------------------+
|            |Symantec Endpoint Encryption and Symantec Encryption Desktop may|
|Description:|be susceptible to a privilege escalation vulnerability, which is|
|            |a type of issue that allows a user to gain elevated access to   |
|            |resources that are normally protected at lower access levels.   |
+------------+----------------------------------------------------------------+

+-----------------------------------------------------------------------------+
|CVE-2019-9703                                                                |
+------------+----------------------------------------------------------------+
|Severity/   |Medium / 6.5 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H                |
|CVSSv3:     |                                                                |
+------------+----------------------------------------------------------------+
|References: |Security Focus: BID 108796 / NVD: CVE-2019-9703                 |
|            |                                                                |
|Impact:     |Privilege Escalation                                            |
+------------+----------------------------------------------------------------+
|            |Symantec Endpoint Encryption and Symantec Encryption Desktop may|
|Description:|be susceptible to a privilege escalation vulnerability, which is|
|            |a type of issue that allows a user to gain elevated access to   |
|            |resources that are normally protected at lower access levels.   |
+------------+----------------------------------------------------------------+

Mitigation

These issues were validated by the product team engineers. A Symantec Endpoint
Encryption update, version SEE 11.3.0, has been released which addresses the
aforementioned issues. The latest releases and patches for Symantec Endpoint
Encryption are available to customers through normal support channels. At this
time, Symantec is not aware of any exploitations or adverse customer impact
from these issues.

Note for users of Symantec Encryption Desktop: Be advised that the issues
mentioned affect the SED product line. Symantec recommends the following
measures to reduce the risk of attack:

  o Restrict access to administrative or management systems to authorized
    privileged users.
  o Restrict remote access to trusted/authorized systems only.
  o Run under the principle of least privilege, where possible, to limit the
    impact of a potential exploit.
  o Keep all operating systems and applications current with vendor patches.
  o Follow a multi-layered approach to security. At a minimum, run both
    firewall and anti-malware applications to provide multiple points of
    detection and protection for both inbound and outbound threats.
  o Deploy network and host-based intrusion detection systems to monitor
    network traffic for signs of anomalous or suspicious activity. This may aid
    in the detection of attacks or malicious activity related to the
    exploitation of latent vulnerabilities.

Acknowledgements

  o CVE-2019-9702: Kyriakos Economou (@kyREcon) of Nettitude:
    https://www.nettitude.com/
  o CVE-2019-9703: Kyriakos Economou (@kyREcon) of Nettitude:
    https://www.nettitude.com/

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----