Symantec Endpoint Protection Manager authentication bypass

2015-08-26T00:00:00
ID SAINT:3ADE9B24914B21C68E5E7502D7CE8FB9
Type saint
Reporter SAINT Corporation
Modified 2015-08-26T00:00:00

Description

Added: 08/26/2015
CVE: CVE-2015-1486
BID: 76074

Background

Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM).

Problem

Symantec Endpoint Protection Manager is affected by an authentication bypass vulnerability in the **ResetPassword** action, as well as an authenticated arbitrary file write vulnerability. By exploiting these two vulnerabilities together, a remote, unauthenticated attacker could upload and execute a file containing arbitrary commands.

Resolution

Apply Symantec Endpoint Protection Manager 12.1-RU6-MP1 or higher.

References

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
<http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html>

Limitations

Exploit works on Symantec Endpoint Protection 12.1.

Platforms

Windows