CVE-2018-12238 : Security Advisory and Response

Learn about CVE-2018-12238, an AV bypass vulnerability affecting Norton, Symantec Endpoint Protection, and Symantec Endpoint Protection Cloud. Find out how to mitigate this security risk.

Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE), and Symantec Endpoint Protection Cloud (SEP Cloud) may be susceptible to a vulnerability that allows attackers to bypass the antivirus engine. Affected versions are those prior to 22.15 for Norton, prior to 12.1.7454.7000 and 14.2 for SEP, prior to NIS-22.15.1.8 and SEP-12.1.7454.7000 for SEP SBE, and prior to 22.15.1 for SEP Cloud. The bypass works by modifying the file being scanned so that it no longer matches the signature pattern the engine's database uses to identify malicious files and viruses, and the altered file therefore evades detection.

Understanding CVE-2018-12238

This CVE involves an AV bypass vulnerability affecting various Symantec products.

What is CVE-2018-12238?

CVE-2018-12238 is an AV bypass vulnerability that impacts Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE), and Symantec Endpoint Protection Cloud (SEP Cloud) in versions prior to the fixed releases listed under Affected Systems and Versions.

The Impact of CVE-2018-12238

The vulnerability allows attackers to bypass the antivirus engine by altering scanned files, evading detection and potentially compromising the security of affected systems.

Technical Details of CVE-2018-12238

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability enables attackers to bypass the antivirus engine by modifying a scanned file so that it no longer matches the signature pattern the engine uses to identify malicious files, leaving the modified file undetected.

Affected Systems and Versions

        Norton: Versions prior to 22.15
        Symantec Endpoint Protection (SEP): Versions prior to 12.1.7454.7000 & 14.2
        Symantec Endpoint Protection Small Business Edition (SEP SBE): Versions prior to NIS-22.15.1.8 & SEP-12.1.7454.7000
        Symantec Endpoint Protection Cloud (SEP Cloud): Versions prior to 22.15.1
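The affected-version list above is what a defender actually has to act on, and the awkward part is that two products list two fix thresholds each. The following Python is an added example written for this page, not code from Symantec or Cloud Defense: it parses version strings with or without a letter prefix (NIS-, SEP-), compares them numerically rather than as text, and triages a constructed inventory. It assumes that where two thresholds are listed, each applies to the release line sharing its major version number (12.1.7454.7000 for SEP 12.x, 14.2 for SEP 14.x); the advisory does not spell that mapping out. The hostnames and installed versions in SAMPLE_INVENTORY are made up.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fix thresholds exactly as listed in the advisory. The branch mapping (which
# threshold applies to which release line) is an assumption of this example:
# a threshold is matched to an installed version by its major version number.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "Norton": ["22.15"],
    "SEP": ["12.1.7454.7000", "14.2"],
    "SEP SBE": ["NIS-22.15.1.8", "SEP-12.1.7454.7000"],
    "SEP Cloud": ["22.15.1"],
}

_PREFIX = re.compile(r"^[A-Za-z]+-")  # strips "NIS-" / "SEP-" style prefixes


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'NIS-22.15.1.8' or '14.2' into a tuple of ints."""
    bare = _PREFIX.sub("", text.strip())
    if not re.fullmatch(r"\d+(\.\d+)*", bare):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in bare.split("."))


def _padded(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad the shorter tuple with zeros so '14.2' compares as 14.2.0.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def is_affected(product: str, installed: str) -> Optional[bool]:
    """True if installed is below the fix threshold for its release line,
    False if at or above it, None if no listed threshold shares its major."""
    have = parse_version(installed)
    for fixed in FIXED_VERSIONS[product]:
        want = parse_version(fixed)
        if want[0] != have[0]:
            continue  # threshold belongs to a different release line
        have_p, want_p = _padded(have, want)
        return have_p < want_p
    return None  # unknown release line: flag for manual review


def triage(inventory):
    """Bucket (hostname, product, version) records into affected/fixed/unknown."""
    result: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, product, version in inventory:
        verdict = is_affected(product, version)
        bucket = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        result[bucket].append(host)
    return result


# Constructed sample inventory: hostnames and versions are invented for this example.
SAMPLE_INVENTORY = [
    ("ws-01", "Norton", "22.14.2.9"),
    ("ws-02", "Norton", "22.15.0.88"),
    ("srv-01", "SEP", "12.1.7004.6500"),
    ("srv-02", "SEP", "14.0.3752.1000"),
    ("srv-03", "SEP", "14.2.770.1000"),
    ("sbe-01", "SEP SBE", "NIS-22.15.0.3"),
    ("sbe-02", "SEP SBE", "SEP-12.1.7454.7000"),
    ("cloud-01", "SEP Cloud", "22.15.1"),
    ("lab-01", "SEP", "13.0.1"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Two details matter in practice: a version exactly equal to the threshold is treated as fixed (the advisory says "prior to"), and a version whose major number matches no listed threshold lands in the unknown bucket rather than being silently marked safe.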

Exploitation Mechanism

The exploit alters the scanned file so that the signature pattern the antivirus engine uses to identify the threat no longer matches, and the file evades detection.

Mitigation and Prevention

Protecting systems from this vulnerability requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update affected Symantec products to the latest versions that contain patches for this vulnerability.
        Implement additional security measures to complement antivirus protection.

Long-Term Security Practices

        Regularly update antivirus definitions and security patches.
        Conduct security audits and penetration testing to identify vulnerabilities.

Patching and Updates

Symantec has released patches addressing this vulnerability. Ensure all affected products are updated to the patched versions to mitigate the risk of exploitation.
