CVE-2014-3440

2015-01-2115:17:00

CWE-20

[email protected]

web.nvd.nist.gov

symantec

scsp

cve-2014-3440

nvd

security

data center security

7.3 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.2%

JSON

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

CPENameOperatorVersion
broadcom:symantec_critical_system_protectionbroadcom symantec critical system protectioneq5.2.9
symantec:data_center_securitysymantec data center securityeq6.0.0

CPE	Name	Operator	Version
broadcom:symantec_critical_system_protection	broadcom symantec critical system protection	eq	5.2.9
symantec:data_center_security	symantec data center security	eq	6.0.0