CVE-2017-15530
low-risk
Published 2017-12-13
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
Do I need to act?
-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (1)
Norton Family
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/102120
Third Party Advisory
http://www.securityfocus.com/bid/102120
18
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal