SAINT CorporationSAINT:3ADE9B24914B21C68E5E7502D7CE8FB9Symantec Endpoint Protection Manager authentication bypass
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.616 Medium
EPSS
Percentile
97.8%
Added: 08/26/2015
CVE: CVE-2015-1486
BID: 76074
Background
Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM).
Problem
Symantec Endpoint Protection Manager is affected by an authentication bypass vulnerability in the **ResetPassword** action, as well as an authenticated arbitrary file write vulnerability. By exploiting these two vulnerabilities together, a remote, unauthenticated attacker could upload and execute a file containing arbitrary commands.
Resolution
Apply Symantec Endpoint Protection Manager 12.1-RU6-MP1 or higher.
References
[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
>)
<http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html>
Limitations
Exploit works on Symantec Endpoint Protection 12.1.
Platforms
Windows
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.616 Medium
EPSS
Percentile
97.8%