CVE-2017-13681

Name: CVE-2017-13681
Creator: NVD / NIST
Published: 2017-11-06T23:29:00.25+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.43%

Last modified Jun 17, 2026

CVE-2017-13681 is a vulnerability of currently unknown severity. Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

Metrics

EPSS Probability

0.43%

34.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Symantec	Endpoint Protection	< 12.1	M9

References

http://www.securityfocus.com/bid/101504Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039775Third Party Advisory, VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00Issue Tracking, Third Party Advisory
http://www.securityfocus.com/bid/101504Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039775Third Party Advisory, VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00Issue Tracking, Third Party Advisory

Timeline

Published: Nov 6, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-13681?

How severe is CVE-2017-13681?

Severity scoring for CVE-2017-13681 is pending analysis. The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2017-13681?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-13681?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST