Symantec Endpoint Protection Manager < 12.1 RU6 MP3 Multiple Vulnerabilities (SYM15-011)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by multiple vulnerabilities.

Description :

The version of Symantec Endpoint Protection Manager (SEPM) installed
on the remote host is prior to 12.1 RU6 MP3. It is, therefore,
affected by the following vulnerabilities :

- A local privilege escalation vulnerability exists due to
an untrusted search path flaw. A local attacker can
exploit this, via a trojan DLL in a client install
package, to gain privileges. (CVE-2015-1492,
CVE-2015-8113)

- A remote command execution vulnerability exists due to
an unspecified flaw in the management console. An
unauthenticated, remote attacker can exploit this, via a
specially crafted request, to execute arbitrary Java
commands. (CVE-2015-6554)

- An arbitrary code execution vulnerability exists due to
an unspecified flaw in the management console. An
authenticated, remote attacker can exploit this by
connecting to the console Java port, to execute
arbitrary code with administrator privileges.
(CVE-2015-6555)

See also :

http://www.nessus.org/u?ec8306d3

Solution :

Upgrade to Symantec Endpoint Protection Manager 12.1 RU6 MP3 or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 86873 ()

Bugtraq ID: 76083
77494
77495

CVE ID: CVE-2015-1492
CVE-2015-6554
CVE-2015-6555
CVE-2015-8113

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now