{"api_version":"1","generated_at":"2026-05-06T05:47:10+00:00","cve":"CVE-2017-15534","urls":{"html":"https://cve.report/CVE-2017-15534","api":"https://cve.report/api/cve/CVE-2017-15534.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15534","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15534"},"summary":{"title":"CVE-2017-15534","description":"The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.","state":"PUBLIC","assigner":"secure@symantec.com","published_at":"2018-03-26 16:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00","name":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"Broadcom Support Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/103377","name":"103377","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15534","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15534","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_app_lock","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15534","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_app_lock","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","DATE_PUBLIC":"2018-03-26T00:00:00","ID":"CVE-2017-15534","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Norton App Lock","version":{"version_data":[{"version_value":"Prior to version 1.3.0.13"}]}}]},"vendor_name":"Symantec Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authentication bypass"}]}]},"references":{"reference_data":[{"name":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00","refsource":"CONFIRM","url":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180326_00"},{"name":"103377","refsource":"BID","url":"http://www.securityfocus.com/bid/103377"}]}},"nvd":{"publishedDate":"2018-03-26 16:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:symantec:norton_app_lock:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.0.13","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15534","Ordinal":"113038","Title":"CVE-2017-15534","CVE":"CVE-2017-15534","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15534","Ordinal":"1","NoteData":"The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15534","Ordinal":"2","NoteData":"2018-03-26","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15534","Ordinal":"3","NoteData":"2018-03-27","Type":"Other","Title":"Modified"}]}}}