CVE-2020-5823: 
Symantec Endpoint Protection vulnerability analysis and mitigation

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to versions 14.2 RU2 MP1 and 14.2.5569.2100 respectively, were identified with a privilege escalation vulnerability (CVE-2020-5823). The vulnerability was discovered by researcher Z0mb1E working with Trend Micro Zero Day Initiative and was publicly disclosed on February 11, 2020 (NVD, ZDI).

The vulnerability exists within the ccJobMgr.dll module of Symantec Endpoint Protection. By invoking a method of a COM class, an attacker can launch an arbitrary executable. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Broadcom).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining elevated access to resources that are normally protected from an application or user (ZDI).

Symantec released version 14.2 RU2 MP1 (14.2.5569.2100) to address this vulnerability. Additionally, a refresh of 14.2 RU2 (14.2.5334.2000) was released on February 10, 2020. The vendor recommends restricting access to administrative systems, running under the principle of least privilege, keeping systems current with vendor patches, and implementing a multi-layered security approach (Broadcom).