NVD Vulnerability Detail

CVE-2017-15528

Summary	Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
Publication Date	Nov. 23, 2017, 3:29 a.m.
Registration Date	Jan. 26, 2021, 1:17 p.m.
Last Update	Nov. 21, 2024, 12:14 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:norton:install_norton_security::::::macos::*					7.6

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/101796	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/101796	Third Party Advisory VDB Entry
3	https://www.info-sec.ca/advisories/Norton-Security.html	Third Party Advisory
4	https://www.info-sec.ca/advisories/Norton-Security.html	Third Party Advisory
5	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00	Vendor Advisory
6	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-295	不正な証明書検証	https://cwe.mitre.org/data/definitions/295.html

JVN Vulnerability Information

Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性

Title	Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性
Summary	Install Norton Security for Mac には、SSL サーバ証明書の検証不備の脆弱性が存在します。証明書の検証不備 (CWE-295) - CVE-2017-15528 Install Norton Security for Mac は、Norton for Mac のインストーラです。Install Norton Security for Mac では HTTPS 通信時の SSL サーバ証明書の検証が正しく行われないため、中間者攻撃 (man-in-the-middle attack) が行われる可能性があります
Possible impacts	中間者攻撃 (man-in-the-middle attack) によって、HTTPS 通信で取得するコンテンツを偽装される可能性があります。
Solution	[アップデートする] 開発者が提供する最新版のインストーラを使用してください。本脆弱性は Install Norton Security for Mac バージョン 7.6 で対策されています。詳細は、開発者が提供する情報をご確認ください。情報 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00
Publication Date	Nov. 21, 2017, midnight
Registration Date	Nov. 24, 2017, 2:47 p.m.
Last Update	Nov. 24, 2017, 2:47 p.m.

Affected System

シマンテック

Install Norton Security for MAC バージョン 7.6 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-15528	https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15528
National Vulnerability Database (NVD)
2	CVE-2017-15528	https://nvd.nist.gov/vuln/detail/CVE-2017-15528

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-295	https://cwe.mitre.org/data/definitions/295.html

ベンダー情報

No	Name	URL
Symantec Corporation
1	Download Free Trials of Norton Security Software \| Norton	https://us.norton.com/downloads
Symantec Security Advisory
2	[SYM17-014] Security Advisories Relating to Symantec Products - Install Norton Security Certificate Spoof	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00

その他

Change Log

No	Changed Details	Date of change
0	[2017年11月24日] 掲載	Feb. 17, 2018, 10:37 a.m.