CVE-2017-15526

medium

Published 2017-11-13 · Modified 2026-05-13

CVSS v3

6.8

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2

5.2

VIR risk

6.8

Description

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.

Predictions

Exploit likelihood

67%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secure@symantec.com — https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00

Application impact

Vendor	Product	Versions	Fixed
symantec	endpoint_encryption	`{"endIncluding":"11.1.3"}`

References

http://www.securityfocus.com/bid/101698
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00
http://www.securityfocus.com/bid/101698
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00

CWEs

CWE-476

Verify integrity in audit chain (admin only). AS-IS.