Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by multiple vulnerabilities.

Description :

The version of Symantec Endpoint Protection Manager (SEPM) installed
on the remote host is 12.1 prior to 12.1 RU5. It is, therefore,
affected by the following vulnerabilities :

- An XML external entity (XXE) injection vulnerability due
to improper validation of XML external entities. A
remote attacker, impersonating the input source of
external information or updates, can access restricted
data or leverage additional management console
functionality using specially crafted XML data.
(CVE-2014-3437)

- A reflected cross-site scripting vulnerability due to
improper validation of user-supplied input to the
'ErrorMsg' parameter in 'SSO-Error.jsp'. This allows a
remote attacker, with a specially crafted request, to
execute arbitrary script code within the browser /
server trust relationship. (CVE-2014-3438)

- An arbitrary file write vulnerability in the
'ConsoleServlet' due to improper filtering of
user-supplied data to the logging component. This allows
a remote attacker to write arbitrary code to the log
file or disk, potentially causing a denial of
service or unauthorized elevated access.
(CVE-2014-3439)

See also :

http://www.nessus.org/u?a717919b

Solution :

Upgrade to Symantec Endpoint Protection Manager 12.1.5 (RU5) or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 79083

Bugtraq ID: 70843, 70844, 70845

CVE ID: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439
