Lucene search

PRIOn knowledge basePRION:CVE-2007-2375

HistoryApr 30, 2007 - 11:19 p.m.

Code injection

2007-04-3023:19:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.8%

JSON

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

CPENameOperatorVersion
enterprise_security_managereq6.5.2
enterprise_security_managereq5.5.3
enterprise_security_managereq6.0
enterprise_security_managereq6.5.1
enterprise_security_managereq6.5

Name	Operator	Version
enterprise_security_manager	eq	6.5.2
enterprise_security_manager	eq	5.5.3
enterprise_security_manager	eq	6.0
enterprise_security_manager	eq	6.5.1
enterprise_security_manager	eq	6.5

References

secunia.com/advisories/24767

www.securityfocus.com/bid/23287

www.securitytracker.com/id?1017881

www.symantec.com/avcenter/security/Content/2007.04.05d.html

www.vupen.com/english/advisories/2007/1277

8.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.8%

JSON

Related for PRION:CVE-2007-2375

cve1