Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption Key

Nessus Network Monitor Plugin ID 5330 (High)

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The remote host is running a version of Symantec Altiris Notification Server 6.0 earlier than SP3 R12. Such versions are potentially affected by a local information disclosure vulnerability because the application uses a static encryption key to encrypt credentials entered by the administrator. An attacker who exploits this flaw could view unauthorized information or possibly execute code.

Solution

Upgrade to Altiris Notification Server 6.0 SP3 R12 or later.

See Also

http://www.nessus.org/u?887bac22

http://www.nessus.org/u?942c6f9b

Plugin Details

Severity: High

ID: 5330

Family: CGI

Published: 1/29/2010

Updated: 3/6/2019

Nessus ID: 44339

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:altiris_notification_server

Patch Publication Date: 1/28/2010

Vulnerability Publication Date: 1/28/2010

Reference Information

CVE: CVE-2009-3035

BID: 37953