CVE-2020-5829: 
Symantec Endpoint Management vulnerability analysis and mitigation

Symantec Endpoint Protection Manager (SEPM), prior to version 14.2 RU2 MP1, was identified with an out-of-bounds vulnerability (CVE-2020-5829). The vulnerability was discovered in early 2020 and publicly disclosed on February 11, 2020. This security issue affects the Symantec Endpoint Protection Manager software, specifically impacting the secars.dll module (ZDI Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability, which occurs when the application reads memory outside the bounds of allocated memory. The issue stems from improper validation of user-supplied data in the secars.dll module. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating local access is required with low attack complexity (NVD).

The vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. The attacker can potentially leverage this vulnerability in conjunction with other vulnerabilities to execute code in the context of the semwebsrv user (ZDI Advisory).

Symantec has released an update to address this vulnerability in version 14.2 RU2 MP1. Users are advised to update their Symantec Endpoint Protection Manager installations to this version or later to mitigate the vulnerability (ZDI Advisory).