What is CVE-2022-37017?

A high-severity vulnerability exists in Broadcom's Symantec Endpoint Protection software, allowing potential circumvention of security controls. Immediate action is recommended to mitigate risks.

What is the severity of CVE-2022-37017?

CVE-2022-37017 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2022-37017 | High Vulnerability in Broadcom Symantec Endpoint Protection

The vulnerability identified as CVE-2022-37017 affects Broadcom's Symantec Endpoint Protection (Windows) agent versions prior to 14.3 RU6/14.3 RU5 Patch 1. This vulnerability allows for a Security Control Bypass, enabling threat actors to potentially circumvent existing security measures. The impact is particularly concerning for users who have enabled password protection for the Client User Interface and the Policy Import/Export features.

With a CVSS score of 7.5, this vulnerability is classified as high severity. Organizations using affected versions are at significant risk, as the attack vector is network-based, and the complexity is considered low. Therefore, attackers may exploit this vulnerability without the need for any privileges or user interaction.

Risk to organizations includes potential unauthorized access to sensitive configurations, which can lead to further exploitation or data breaches. Given the current threat landscape, organizations should prioritize patching immediately to safeguard their systems.

As of now, this vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog, but there are indications that exploitation may occur. Security teams must remain vigilant and update their defenses accordingly.

Vulnerability Details

The official description states that the Symantec Endpoint Protection (Windows) agent, prior to version 14.3 RU6 and 14.3 RU5 Patch 1, is susceptible to a Security Control Bypass vulnerability. This issue can allow threat actors to bypass existing security controls, impacting the Client User Interface Password protection and Policy Import/Export Password protection if enabled.

This vulnerability has a CVSS score of 7.5, indicating high severity. The attack vector is network-based, and the attack complexity is low. Importantly, no privileges are required, nor is user interaction necessary, making it easier for attackers to exploit.

The affected product is Broadcom's Symantec Endpoint Protection, and the vulnerability was published on December 1, 2022. The CWE classification is currently not specified.

Technical Analysis

The root cause of CVE-2022-37017 is a failure in implementing adequate security controls within the Symantec Endpoint Protection software. This vulnerability exposes the application to security control bypass, allowing unauthorized access to sensitive settings without proper authentication.

The attack vector for this vulnerability is network-based, meaning that attackers can exploit it remotely. The attack complexity is characterized as low, indicating that an attacker can exploit this vulnerability with minimal effort. Importantly, this vulnerability requires no privileges or user interaction, which only increases the risk of exploitation.

In terms of impact, the confidentiality impact is noted as none, while the integrity impact is high. There are no implications for availability. This highlights the potential for significant data manipulation or unauthorized changes to configurations, without directly compromising data confidentiality.

Risk & Impact Analysis

The real-world risk posed by CVE-2022-37017 is significant, particularly for organizations relying on Broadcom's Symantec Endpoint Protection for their security posture. The ability to bypass security controls can lead to unauthorized access to critical security configurations, potentially leading to further exploitation or data breaches.

Given the high CVSS score of 7.5, organizations must prioritize remediation efforts. The potential blast radius is considerable, as multiple systems using the affected software could be at risk, exposing sensitive data and configurations to malicious actors.

The urgency of addressing this vulnerability is underscored by its exploitability status, as there is evidence of potential exploitation in the wild. Organizations should address in priority patch cycle to mitigate risks associated with this vulnerability.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Broadcom's Symantec Endpoint Protection prior to 14.3 RU6 and 14.3 RU5 Patch 1 are affected by this vulnerability. Organizations should check their systems to confirm whether they are running vulnerable versions.

Mitigation & Remediation

Broadcom has released patches to address this vulnerability. Organizations should upgrade to at least version 14.3 RU6 or 14.3 RU5 Patch 1 to mitigate the risks associated with CVE-2022-37017. If immediate patching is not feasible, organizations should implement configuration hardening measures to restrict access to the affected functionalities.

Organizations may also consider additional security measures, such as monitoring network traffic for unusual activities and conducting regular security assessments. More information can be found in our guide on continuous penetration testing to verify the effectiveness of security controls.

Detection Guidance

Organizations should monitor logs for indicators of exploitation attempts related to CVE-2022-37017. Key indicators include any unauthorized access attempts to the Client User Interface and the Policy Import/Export functionalities. Behavioral anomalies in user access patterns should also be flagged for further investigation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-37017 lies in its potential to undermine security controls that organizations rely on. This vulnerability highlights the need for continuous monitoring and updating of security protocols.

The pattern of vulnerabilities allowing security control bypass is a recurring concern. Organizations should implement lessons learned from this incident to strengthen their security frameworks. For further guidance, consider reviewing our vulnerability management program to proactively address similar risks.

Additionally, the implications of this vulnerability emphasize the importance of conducting regular security audits. Utilizing resources such as our penetration testing methodology can help organizations identify and remediate security gaps effectively.

In conclusion, CVE-2022-37017 serves as a reminder of the importance of maintaining strong security protocols and the need for organizations to remain vigilant against evolving threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-37017: High Vulnerability in Broadcom Symantec Endpoint Protection