Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)

high Nessus Plugin ID 87505

Synopsis

An application running on the remote host is affected by an arbitrary command execution vulnerability.

Description

The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted multipart HTTP POST request, to execute arbitrary commands on the target host.

Solution

Upgrade to Symantec Endpoint Protection Manager 12.1 RU6 MP3 or later.

See Also

http://www.nessus.org/u?41466b33

http://www.nessus.org/u?9c6d83db

Plugin Details

Severity: High

ID: 87505

File Name: symantec_endpoint_prot_mgr_2015_6554.nasl

Version: 1.10

Type: remote

Family: Web Servers

Published: 12/18/2015

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-6554

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:endpoint_protection_manager

Required KB Items: installed_sw/sep_mgr

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 11/9/2015

Vulnerability Publication Date: 1/28/2015

Reference Information

CVE: CVE-2015-6554

BID: 77494

CERT: 576313