• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

Norton Core may still be vulnerable?

I recently read a post about the vulnerability in Norton Core (https://twitter.com/_embedi_/status/991372172382875650). My device says it has firmware version 237, CVE-2018-5234 was fixed, but I didn't see any information about it in the announcement. My Core may still be vulnerable?

Labels: Firmware

Replies

Kudos0

Re: Norton Core may still be vulnerable?

Interesting. I haven't found anything even close to this "detailed" article on Core. The one thing that sticks out for me in the article is the parsing on the Core as a USB device as boot device, although failed. The others are Linux and PHP on the file system. UART being implemented on the BLE bluetooth as an attack vector. Passing this up to the Core team and see what the responses are. Good find and thanks for posting. @Gayathri_R

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.379 / NCSP 22.17.0.183 / Norton Core v.278 on Android 1.93
Kudos0

Re: Norton Core may still be vulnerable?

FYI!! https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180430_00

According to this article the CVE was as you stated fixed with the current firmware v237.

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.379 / NCSP 22.17.0.183 / Norton Core v.278 on Android 1.93
Kudos0

Re: Norton Core may still be vulnerable?

Thank you for information. But what about "service pages"?

an unauthorized user can read general information about the router (firmware version, router serial number, assembly date, device temperature, MAC addresses, etc.), restart the device, reset it to factory settings, update firmware
Kudos0

Re: Norton Core may still be vulnerable?

Covered under the firmware release version 237 as those concerns were part of the CVE. I'm still awaiting feedback from the Norton team.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.379 / NCSP 22.17.0.183 / Norton Core v.278 on Android 1.93

This thread is closed from further comment. Please visit the forum to start a new thread.