CVE-2020-5822: 
Symantec Endpoint Protection vulnerability analysis and mitigation

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to versions 14.2 RU2 MP1 and 14.2.5569.2100 respectively, were found to contain a privilege escalation vulnerability identified as CVE-2020-5822. The vulnerability was discovered in 2019 and publicly disclosed on February 11, 2020. This security flaw affects the ccSvc.dll module of the Symantec Endpoint Protection software (ZDI Advisory).

The vulnerability exists within the ccSvc.dll module and allows local attackers to escalate privileges on affected installations. The specific flaw involves a method of a COM class that can be exploited to launch an arbitrary executable. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD, ZDI Advisory).

An attacker who successfully exploits this vulnerability can leverage it to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining elevated access to resources that are normally protected from an application or user (ZDI Advisory, Broadcom Advisory).

Symantec has released updates to address this vulnerability. Users should upgrade to SEP 14.2 RU2 MP1 (14.2.5569.2100) or later versions. Additionally, Symantec recommends restricting access to administrative systems to authorized privileged users, running under the principle of least privilege, keeping all operating systems and applications current with vendor patches, and implementing a multi-layered security approach (Broadcom Advisory).

The vulnerability was discovered and reported by security researcher Z0mb1E working with Trend Micro's Zero Day Initiative (Broadcom Advisory).