CVE-2017-15528
First published: Wed Nov 22 2017(Updated: )
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Norton Install Norton Security | <7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15528?
CVE-2017-15528 is a vulnerability in the Install Norton Security (INS) product that allows for certificate spoofing.
How does the certificate spoofing vulnerability work?
The certificate spoofing vulnerability in the Install Norton Security (INS) product occurs when a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
What is the severity of CVE-2017-15528?
The severity of CVE-2017-15528 is medium with a CVSS score of 3.7.
Which version of the Install Norton Security (INS) product is affected by CVE-2017-15528?
Prior to version 7.6, the Install Norton Security (INS) product is affected by CVE-2017-15528.
How can I fix the certificate spoofing vulnerability in the Install Norton Security (INS) product?
To fix the certificate spoofing vulnerability, it is recommended to upgrade to version 7.6 or higher of the Install Norton Security (INS) product.
- collector/nvd-index
- vendor/norton
- product/install norton security
- canonical/norton install norton security