
Cloud Vulnerability DB
A community-led vulnerabilities database
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to versions 14.2 RU2 MP1 and 14.2.5569.2100 respectively, were found to contain an arbitrary file write vulnerability. This vulnerability was discovered and reported by researcher Z0mb1E working with Trend Micro Zero Day Initiative, and was officially assigned CVE-2020-5825 on January 6, 2020 (ZDI Advisory, Broadcom Support).
The vulnerability has been assigned a CVSS v3 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). The specific flaw exists within the AvHostPlugin.dll module, allowing an attacker to overwrite existing files on the resident system without proper privileges. The vulnerability requires local access and low privileges to exploit (ZDI Advisory, Broadcom Support).
If successfully exploited, this vulnerability allows attackers to overwrite existing files on the affected system without proper privileges, potentially leading to a denial-of-service condition. The impact is characterized by no confidentiality impact, low integrity impact, and high availability impact as reflected in the CVSS scoring (Broadcom Support).
Symantec has released updates to address this vulnerability. Users should upgrade to SEP 14.2 RU2 MP1 (14.2.5569.2100) or SEP SBE 14.2 RU2 MP1 (14.2.5569.2100). Additionally, Symantec recommends restricting access to administrative systems to authorized privileged users, running under the principle of least privilege, keeping all operating systems and applications current with vendor patches, and following a multi-layered approach to security (Broadcom Support).
Source: This report was generated using AI