9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.1%
Added: 05/06/2009
CVE: CVE-2009-1431
BID: 34675
OSVDB: 54160
The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It listens on port 12174/TCP.
Due to a design flaw, the Intel File Transfer service can be used to execute arbitrary commands without authentication.
Apply one of the solutions shown in SYM09-007.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786>
Exploit works on Symantec Alert Management System Intel File Transfer Service 6.12.0.130E.
The exploit must be able to bind to port 69/UDP on the SAINTexploit host.
Windows