Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by multiple vulnerabilities.

Description :

The version of Symantec Endpoint Protection Manager (SEPM) installed
on the remote host is prior to 12.1 RU6. It is, therefore, affected by
the following vulnerabilities :

- A DLL injection vulnerability exists due to improper
path restrictions when loading DLLs. An authenticated,
local attacker can exploit this to insert malicious DLL
files, resulting in the execution of arbitrary code with
system permissions. (CVE-2014-9227)

- A denial of service vulnerability exists due to a
deadlock condition in the 'sysplant.sys' file. A local
attacker can exploit this by using a specially formatted
call to cause the Windows system to be unable to fully
shut down. Resolution of this condition requires a hard
power cycle to restart the system. (CVE-2014-9228)

- A blind SQL injection vulnerability exists due to the
improper validation of input to scripts used by the
management console. An authenticated, remote attacker
can exploit this, using arbitrary SQL queries, to access
or modify data in the back-end database. (CVE-2014-9229)

See also :

http://www.nessus.org/u?4a0b15fd

Solution :

Upgrade to Symantec Endpoint Protection Manager 12.1 RU6 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 84368 ()

Bugtraq ID: 75202
75203
75204

CVE ID: CVE-2014-9227
CVE-2014-9228
CVE-2014-9229

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now