CVE-2017-15529 - Vulnerability Details

Vendors	Products
Symantec	Norton Family

Link	Providers
http://www.securityfocus.com/bid/102119
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Norton Family Android App", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 4.4.1.10"}]}], "datePublic": "2017-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-14T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "102119", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102119"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2017-12-13T00:00:00", "ID": "CVE-2017-15529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Family Android App", "version": {"version_data": [{"version_value": "Prior to 4.4.1.10"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "102119", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102119"}, {"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00", "refsource": "CONFIRM", "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:26.339Z"}, "title": "CVE Program Container", "references": [{"name": "102119", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102119"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2017-15529", "datePublished": "2017-12-13T19:00:00Z", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-09-16T23:30:23.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Norton Family Android App (string)

vendor : Symantec Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : Prior to 4.4.1.10 (string)

}

]

}

]

datePublic : 2017-12-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of Service (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-12-14T10:57:01 (string)

orgId : 80d3bcb6-88de-48c2-a47e-aebf795f19b5 (string)

shortName : symantec (string)

}

references : [ »

0 : { »

name : 102119 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/102119 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@symantec.com (string)

DATE_PUBLIC : 2017-12-13T00:00:00 (string)

ID : CVE-2017-15529 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Norton Family Android App (string)

version : { »

version_data : [ »

0 : { »

version_value : Prior to 4.4.1.10 (string)

}

]

}

]

}

vendor_name : Symantec Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of Service (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 102119 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/102119 (string)

}

1 : { »

name : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

refsource : CONFIRM (string)

url : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T19:57:26.339Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 102119 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/102119 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 80d3bcb6-88de-48c2-a47e-aebf795f19b5 (string)

assignerShortName : symantec (string)

cveId : CVE-2017-15529 (string)

datePublished : 2017-12-13T19:00:00Z (string)

dateReserved : 2017-10-17T00:00:00 (string)

dateUpdated : 2024-09-16T23:30:23.286Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:norton_family:*:*:*:*:*:android:*:*", "matchCriteriaId": "11181A75-E828-474B-9315-0A5F16D13A38", "versionEndExcluding": "4.4.1.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network."}, {"lang": "es", "value": "Antes de la versi\u00f3n 4.4.1.10, Norton Family Android App puede ser susceptible a un exploit de Denegaci\u00f3n de servicio (DoS). Durante un ataque DoS, el infractor intenta hacer que un dispositivo en concreto se vuelva inutilizable para su usuario planeado mediante la interrupci\u00f3n temporal o indefinida de un host espec\u00edfico en una red."}], "id": "CVE-2017-15529", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-13T19:29:00.223", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102119"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:symantec:norton_family:*:*:*:*:*:android:*:* (string)

matchCriteriaId : 11181A75-E828-474B-9315-0A5F16D13A38 (string)

versionEndExcluding : 4.4.1.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. (string)

}

1 : { »

lang : es (string)

value : Antes de la versión 4.4.1.10, Norton Family Android App puede ser susceptible a un exploit de Denegación de servicio (DoS). Durante un ataque DoS, el infractor intenta hacer que un dispositivo en concreto se vuelva inutilizable para su usuario planeado mediante la interrupción temporal o indefinida de un host específico en una red. (string)

}

]

id : CVE-2017-15529 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.5 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-12-13T19:29:00.223 (string)

references : [ »

0 : { »

source : secure@symantec.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/102119 (string)

}

1 : { »

source : secure@symantec.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/102119 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 (string)

}

]

sourceIdentifier : secure@symantec.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object