Symantec Endpoint Protection Manager < 11.0.7.4 / 12.1.2 RU2 (SYM14-001)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by a remote privilege escalation vulnerability.

Description :

The version of Symantec Endpoint Protection Manager running on the
remote host is either 11.x prior to 11.0.7.4 or 12.x prior to 12.1.2
(RU2). It is, therefore, affected by a remote privilege escalation
vulnerability that could allow an authenticated, remote attacker to gain
administrator access.

See also :

http://www.nessus.org/u?04df6327

Solution :

Upgrade to 11.0.7.4 (11.x) / 12.1.2 RU2 (12.x) or later.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71994 ()

Bugtraq ID: 64128

CVE ID: CVE-2013-5009