CVE-2020-5824: 
Symantec Endpoint Protection vulnerability analysis and mitigation

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to versions 14.2 RU2 MP1 and 14.2.5569.2100 respectively, were identified with a denial of service vulnerability. This vulnerability was discovered in early 2020 and was assigned CVE-2020-5824 (CVE Details, NVD).

The vulnerability exists within the AvHostPlugin.dll module and allows local attackers to create a denial-of-service condition on affected installations. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. By invoking a method of a COM class, an attacker can delete arbitrary files (ZDI Advisory).

When successfully exploited, this vulnerability allows a threat actor to tie up the resources of a resident application, thereby making certain functions unavailable. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Broadcom Support).

Symantec has released updates to address this vulnerability. Users should upgrade to SEP 14.2 RU2 MP1 (14.2.5569.2100) or SEPM 14.2 RU2 MP1. Additionally, a refresh of 14.2 RU2 (14.2.5334.2000) was released on February 10, 2020, available upon request from Symantec Technical Support (Broadcom Support).

The vulnerability was discovered and reported by security researcher Z0mb1E working with Trend Micro's Zero Day Initiative (ZDI Advisory).