Symantec Endpoint Protection Manager < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007)

high Nessus Plugin ID 85351

Synopsis

An application running on the remote host is affected by multiple vulnerabilities.

Description

The version of Symantec Endpoint Protection Manager (SEPM) running on the remote host is prior to 12.1 RU6 MP1. It is, therefore, affected by the following vulnerabilities :

- A flaw exists in the password reset functionality that allows a remote attacker, using a crafted password reset action, to generate a new administrative session, thus bypassing authentication. (CVE-2015-1486)

- A flaw exists related to filename validation in a console session that allows an authenticated, remote attacker to write arbitrary files. (CVE-2015-1487)

- An unspecified flaw exists that allows an authenticated, remote attacker to manipulate SEPM services and gain elevated privileges. (CVE-2015-1489)

Nessus attempts to use the authentication bypass flaw in conjunction with the arbitrary file upload and path traversal flaws to test the issue on the remote server. If this test succeeds, it is likely that the application is also affected by other vulnerabilities, including a SQL Injection.

Solution

Upgrade to Symantec Endpoint Protection Manager 12.1 RU6 MP1 or later.

See Also

http://www.nessus.org/u?135bc3c2

http://www.nessus.org/u?647383e8

Plugin Details

Severity: High

ID: 85351

File Name: symantec_endpoint_prot_mgr_sym15-007_remote.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 8/13/2015

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:endpoint_protection_manager

Required KB Items: installed_sw/sep_mgr

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 7/30/2015

Vulnerability Publication Date: 7/30/2015

Exploitable With

Core Impact

Metasploit (Symantec Endpoint Protection Manager Authentication Bypass and Code Execution)

Elliot (Symantec Endpoint Protection Manager File Upload)

Reference Information

CVE: CVE-2015-1486, CVE-2015-1487, CVE-2015-1489

BID: 76074, 76078, 76094