CVE-2020-5837: 
Symantec Endpoint Protection vulnerability analysis and mitigation

Symantec Endpoint Protection (Windows Endpoint), prior to version 14.3, contains a vulnerability identified as CVE-2020-5837. The vulnerability was discovered by Ilias Dimopoulos of RedyOps Research Labs and was disclosed on May 11, 2020. This security flaw affects the way the software handles file permissions when writing to log files that have been replaced by symbolic links (Broadcom Advisory, CVE Database).

The vulnerability has been assigned a CVSS v3 base score of 7.8 (High), with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The technical issue stems from the software's failure to properly respect file permissions specifically when dealing with log files that have been replaced by symbolic links (Broadcom Advisory).

The vulnerability can lead to a potential elevation of privilege on affected systems. This means an attacker could potentially gain higher levels of access than intended, compromising the security of the affected system (Broadcom Advisory).

The primary mitigation is to upgrade to Symantec Endpoint Protection version 14.3 or later. Broadcom also recommends additional security measures including: restricting access to administrative systems to authorized privileged users, running systems under the principle of least privilege, keeping all operating systems and applications current with vendor patches, and implementing a multi-layered security approach (Broadcom Advisory).