Detections
Analytics
Symantec Critical System Protection 5.2.9.x < 5.2.9 MP6 Multiple Vulnerabilities (SYM15-001 / SYM16-009)
high Nessus Plugin ID 80911
Language:
Synopsis
The remote windows host has a security application installed that is affected by multiple vulnerabilities.Description
The version of Symantec Critical System Protection (SCSP) installed on the remote Windows host is 5.2.9.x prior to 5.2.9 MP6. It is, therefore, affected by multiple vulnerabilities :- A remote code execution vulnerability exists in the Management Server Agent Control Interface due to improper sanitization of user-uploaded files. An authenticated, remote attacker can exploit this, by uploading a log file, to execute arbitrary script code with the privileges of the web server. (CVE-2014-3440)
- A SQL injection (SQLi) vulnerability exists in the management server due to the /sis-ui/authenticate script not properly sanitizing user-supplied input to the 'ai' POST parameter. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data. (CVE-2014-7289)
- Multiple cross-site scripting (XSS) vulnerabilities exist in the management server in the WCUnsupportedClass.jsp script and SSO-Error.jsp script due to improper validation of user-supplied input to the 'classname' and 'ErrorMsg' GET parameters. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2014-9224)
- An information disclosure vulnerability exists in the management server due to a failure to properly restrict internal server information. An authenticated, remote attacker can exploit this, via a direct request to the environment.jsp script, to disclose sensitive server information. (CVE-2014-9225)
- A privilege escalation vulnerability exists due to a failure to sufficiently restrict access to certain host functionality. A local attacker can exploit this to bypass protection policies and gain elevated privileges.
(CVE-2014-9226)
- A SQL injection (SQLi) vulnerability exists in the management server due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data. (CVE-2015-8157)
- A path traversal issue exists due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.
(CVE-2015-8798)
- A path traversal issue exists that allows an authenticated, remote attacker to write update-package data to arbitrary agent locations, resulting in the execution of arbitrary code. (CVE-2015-8799)
- An unspecified flaw exists that is triggered when handling process calls written to a specific named pipe.
An authenticated, remote attacker can exploit this to inject arbitrary arguments. (CVE-2015-8800)
Solution
Upgrade to Symantec Critical System Protection 5.2.9 MP6 or later.Alternatively, apply the workarounds referenced in the vendor advisories.
See Also
Plugin Details
Severity: High
ID: 80911
File Name: symantec_critical_system_protection_sym15-001.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows
Published: 1/22/2015
Updated: 11/25/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2014-3440
Vulnerability Information
CPE: cpe:/a:symantec:critical_system_protection
Required KB Items: installed_sw/Symantec Critical System Protection
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/19/2015
Vulnerability Publication Date: 1/19/2015
Reference Information
CVE: CVE-2014-3440, CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226, CVE-2015-8157, CVE-2015-8798, CVE-2015-8799, CVE-2015-8800
BID: 72091, 72092, 72093, 72094, 72095, 90884, 90885, 90886, 90889