Symantec Encryption Desktop Multiple Vulnerabilities (SYMSA1485)

Medium Nessus Plugin ID 126625


The remote host has a data encryption application installed that is affected by multiple privilege escalation vulnerabilities.


The version of Symantec Encryption Desktop installed on the remote host is affected by two privilege escalation vulnerabilities. A local attacker could exploit these vulnerabilities to gain elevated access to the system.


Follow vendor guidance provided within the advisory.

See Also

Plugin Details

Severity: Medium

ID: 126625

File Name: symantec_encryption_desktop_symsa1485.nasl

Version: 1.2

Type: local

Family: General

Published: 2019/07/11

Updated: 2019/10/18

Dependencies: 77404, 77405

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-9702

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_desktop, cpe:/a:symantec:pgp_desktop

Required KB Items: installed_sw/Symantec Encryption Desktop, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/06/17

Vulnerability Publication Date: 2019/06/17

Reference Information

CVE: CVE-2019-9702, CVE-2019-9703

BID: 108795, 108796