Detections
Analytics
Symantec Endpoint Protection Manager < 11.0 RU7-MP4a / 12.1 RU4a Multiple Vulnerabilities (SYM14-004)
high Nessus Plugin ID 72542
Language:
Synopsis
The version of Symantec Endpoint Protection Manager installed on the remote host is affected by multiple vulnerabilities.Description
The version of Symantec Endpoint Protection Manager (SEPM) running on the remote host is either 11.x prior to 11.0 RU7-MP4a or 12.x prior to 12.1 RU4a. It is, therefore, affected by multiple vulnerabilities:- SEPM is affected by an XML external entity injection vulnerability due to a failure to properly sanitize user-supplied input. A remote, unauthenticated attacker could potentially exploit this vulnerability to read arbitrary files. (CVE-2013-5014)
- SEPM is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input. A locally authenticated user could potentially exploit this vulnerability to execute arbitrary SQL commands against the back-end database. (CVE-2013-5015)
Solution
Upgrade to 11.0 RU7-MP4a / 12.1 RU4a or later.See Also
https://www.securityfocus.com/archive/1/531128/30/0/threaded
Plugin Details
Severity: High
ID: 72542
File Name: symantec_endpoint_prot_mgr_sym14-004.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows
Published: 2/17/2014
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:symantec:endpoint_protection_manager
Required KB Items: SMB/sep_manager/path, SMB/sep_manager/ver
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/13/2014
Vulnerability Publication Date: 2/13/2014
Exploitable With
Metasploit (Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution)
Reference Information
CVE: CVE-2013-5014, CVE-2013-5015