{"api_version":"1","generated_at":"2026-05-06T05:47:16+00:00","cve":"CVE-2018-18363","urls":{"html":"https://cve.report/CVE-2018-18363","api":"https://cve.report/api/cve/CVE-2018-18363.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-18363","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-18363"},"summary":{"title":"CVE-2018-18363","description":"Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.","state":"PUBLIC","assigner":"secure@symantec.com","published_at":"2019-01-24 20:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106450","name":"106450","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.symantec.com/en_US/article.SYMSA1473.html","name":"https://support.symantec.com/en_US/article.SYMSA1473.html","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"Norton App Lock Bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-18363","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18363","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"18363","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_app_lock","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"18363","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_app_lock","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","DATE_PUBLIC":"2019-01-09T00:00:00","ID":"CVE-2018-18363","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Norton App Lock","version":{"version_data":[{"version_value":"Prior to 1.4.0.445"}]}}]},"vendor_name":"Symantec Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"App lock bypass"}]}]},"references":{"reference_data":[{"name":"https://support.symantec.com/en_US/article.SYMSA1473.html","refsource":"CONFIRM","url":"https://support.symantec.com/en_US/article.SYMSA1473.html"},{"name":"106450","refsource":"BID","url":"http://www.securityfocus.com/bid/106450"}]}},"nvd":{"publishedDate":"2019-01-24 20:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.2,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.3,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:symantec:norton_app_lock:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.0.445","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"18363","Ordinal":"135280","Title":"CVE-2018-18363","CVE":"CVE-2018-18363","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"18363","Ordinal":"1","NoteData":"Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"18363","Ordinal":"2","NoteData":"2019-01-24","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"18363","Ordinal":"3","NoteData":"2019-01-25","Type":"Other","Title":"Modified"}]}}}