Lucene search

[email protected]CVE-2013-5009

HistoryJan 10, 2014 - 4:47 p.m.

CVE-2013-5009

2014-01-1016:47:05

CWE-287

[email protected]

web.nvd.nist.gov

symantec

endpoint protection

authentication

vulnerability

cve-2013-5009

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.2%

JSON

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

Affected configurations

NVD

Node

symantecendpoint_protectionRange≤11.0.7.3

symantecendpoint_protectionMatch11.0

symantecendpoint_protectionMatch11.0ru5

symantecendpoint_protectionMatch11.0ru6

symantecendpoint_protectionMatch11.0ru6a

symantecendpoint_protectionMatch11.0ru6mp1

symantecendpoint_protectionMatch11.0ru6mp2

symantecendpoint_protectionMatch11.0.1

symantecendpoint_protectionMatch11.0.1mp1

symantecendpoint_protectionMatch11.0.1mp2

symantecendpoint_protectionMatch11.0.2

symantecendpoint_protectionMatch11.0.2mp1

symantecendpoint_protectionMatch11.0.2mp2

symantecendpoint_protectionMatch11.0.4

symantecendpoint_protectionMatch11.0.4mp1a

symantecendpoint_protectionMatch11.0.4mp2

symantecendpoint_protectionMatch11.0.3001

symantecendpoint_protectionMatch11.0.6000

symantecendpoint_protectionMatch11.0.6100

symantecendpoint_protectionMatch11.0.6200

symantecendpoint_protectionMatch11.0.6200.754

symantecendpoint_protectionMatch11.0.6300

symantecendpoint_protectionMatch11.0.7000

symantecendpoint_protectionMatch11.0.7100

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectionle11.0.7.3
symantec:endpoint_protectionsymantec endpoint protectioneq11.0
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.1
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.2
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.4
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.3001
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6000
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6100
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200.754

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	le	11.0.7.3
symantec:endpoint_protection	symantec endpoint protection	eq	11.0
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.1
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.2
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.4
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.3001
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6000
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6100
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200.754