CVE-2020-5836: 
Symantec Endpoint Protection vulnerability analysis and mitigation

Symantec Endpoint Protection (Windows Endpoint), prior to version 14.3, was identified with a security vulnerability (CVE-2020-5836) that was disclosed on May 11, 2020. This vulnerability relates to the potential reset of ACLs on files by limited users when Symantec Endpoint Protection's Tamper Protection feature is disabled (Broadcom Advisory).

The vulnerability has been assessed with a CVSS v3.1 score of 6.7 (Medium severity) with the following vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, low privileges, and user interaction to exploit, but could potentially result in high impacts to confidentiality, integrity, and availability (Broadcom Advisory).

If successfully exploited, this vulnerability could lead to an elevation of privilege on the affected system. The vulnerability specifically involves the ability to reset Access Control Lists (ACLs) on files when the Tamper Protection feature is disabled, potentially allowing unauthorized access or modifications to protected files (Broadcom Advisory).

The vulnerability has been addressed in Symantec Endpoint Protection version 14.3. Broadcom recommends upgrading to this version to remediate the issue. Additional recommended security measures include restricting access to administrative systems to authorized privileged users, running systems under the principle of least privilege, keeping all operating systems and applications current with vendor patches, and implementing a multi-layered security approach (Broadcom Advisory).