CVE-2020-5827: 
Symantec Endpoint Management vulnerability analysis and mitigation

CVE-2020-5827 is an out of bounds vulnerability affecting Symantec Endpoint Protection Manager (SEPM) versions prior to 14.2 RU2 MP1. The vulnerability was discovered and disclosed in March 2020, with a CVSS v3 score of 3.3 (Low severity). This type of vulnerability results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program (Broadcom Support).

The vulnerability has a CVSS v3 base score of 3.3 with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, no user interaction, and has a limited confidentiality impact with no integrity or availability impacts (Broadcom Support).

The vulnerability allows an attacker to read memory outside of the bounds of the memory allocated to the program, potentially exposing sensitive information. The impact is limited to confidentiality breaches with no direct impact on system integrity or availability (Broadcom Support).

Symantec released version 14.2 RU2 MP1 to address this vulnerability. The company recommends users upgrade to this version. Additional recommended security measures include restricting access to administrative systems to authorized privileged users, running under the principle of least privilege, keeping all operating systems and applications current with vendor patches, and deploying network and host-based intrusion detection systems (Broadcom Support).