CVE-2017-15528

Name: CVE-2017-15528
Creator: NVD / NIST
Published: 2017-11-22T18:29:00.663+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 3.7/10EPSS 0.61%

Last modified Jun 17, 2026

CVE-2017-15528 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.. EPSS estimates a 0.61% chance of exploitation in the next 30 days.

Description

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.

Metrics

CVSS 3.1

3.7/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

0.61%

44.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

Affected Software

Vendor	Product	Versions
Norton	Install Norton Security	< 7.6

References

http://www.securityfocus.com/bid/101796Third Party Advisory, VDB Entry
https://www.info-sec.ca/advisories/Norton-Security.htmlThird Party Advisory
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00Vendor Advisory
http://www.securityfocus.com/bid/101796Third Party Advisory, VDB Entry
https://www.info-sec.ca/advisories/Norton-Security.htmlThird Party Advisory
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00Vendor Advisory

Timeline

Published: Nov 22, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15528?

How severe is CVE-2017-15528?

CVE-2017-15528 has a CVSS score of 3.7/10 (LOW severity). The EPSS model estimates a 0.61% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15528?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15528?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST