{"vuid":"VU#681983","idnumber":"681983","name":"Install Norton Security for Mac does not verify SSL certificates","keywords":["SSL validation","CWE-295"],"overview":"Install Norton Security for Mac, prior to version 7.6, does not validate SSL certificates.","clean_desc":"CWE-295: Improper Certificate Validation - CVE-2017-15528\nThe Install Norton Security for Mac installer, versions prior to 7.6,  fails to properly validate SSL certificates provided by HTTPS connections, which can allow an attacker to obtain a Man-in-the-Middle position.","impact":"An attacker with a Man-in-the-Middle position can spoof content retrieved using HTTPS.","resolution":"Use Updated Installer\nSymantec has released an updated installer, version 7.6, to address the vulnerability. Please see more information at Symantec's advisory.","workarounds":"","sysaffected":"","thanks":"Thanks to David for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00","https://us.norton.com/downloads"],"cveids":["CVE-2017-15528"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2017-09-29T22:29:42Z","publicdate":"2017-11-21T00:00:00Z","datefirstpublished":"2017-11-21T21:21:56Z","dateupdated":"2017-11-21T21:21:57Z","revision":10,"vrda_d1_directreport":"1","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.1","cvss_basevector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.1","cvss_environmentalscore":"1.2750738931875","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}