Symantec Endpoint Protection Manager < 12.1 RU6 MP4 Multiple Vulnerabilities (SYM16-003)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by multiple vulnerabilities.

Description :

The version of Symantec Endpoint Protection Manager (SEPM) installed
on the remote host is prior to 12.1 RU6 MP4. It is, therefore,
affected by the following vulnerabilities :

- A cross-site request forgery (XSRF) vulnerability exists
due to HTTP requests to logging scripts not requiring
multiple steps, explicit confirmation, or a unique token
when performing certain sensitive actions. A remote
attacker can exploit this by convincing a user to follow
a specially crafted link, resulting in the execution of
arbitrary code. (CVE-2015-8152)

- A SQL injection vulnerability exists due to improper
sanitization of input before using it in SQL queries. An
authenticated, remote attacker can exploit this to
inject or manipulate SQL queries on the back-end
database, resulting in the manipulation and disclosure
of arbitrary data. (CVE-2015-8153)

See also :

http://www.nessus.org/u?e94f36bc

Solution :

Upgrade to Symantec Endpoint Protection Manager 12.1 RU6 MP4 or later.
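The detection logic behind this plugin reduces to a version comparison: any SEPM release older than 12.1 RU6 MP4 is flagged. The block below is an added example (not the Nessus plugin's own code) of how that comparison can be done correctly for Symantec's "major.minor RUn MPm" release naming, where a missing RU or MP component must sort below a present one. It assumes the installed version is available as that display string; the registry keys or product files a real scanner would read are not on this page, and the sample inputs are constructed.

```python
import re
from typing import Tuple

# Fixed release named in the advisory text.
FIXED_VERSION = "12.1 RU6 MP4"

# Accepts the human-readable naming used in the advisory:
# "12.1", "12.1 RU6", "12.1 RU6 MP4". Treating this display form as
# the scanner's input is an assumption of this example.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\s*RU(\d+))?(?:\s*MP(\d+))?\s*$", re.IGNORECASE
)


def parse_sepm_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '12.1 RU6 MP4' into the comparable tuple (12, 1, 6, 4).

    A missing RU or MP counts as 0, so plain '12.1' sorts below
    '12.1 RU1' and '12.1 RU6' sorts below '12.1 RU6 MP1'. Comparing
    the raw strings would get this wrong ('12.1 RU6 MP10' < '12.1 RU6 MP4').
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SEPM version string: {text!r}")
    major, minor, ru, mp = m.groups()
    return (int(major), int(minor), int(ru or 0), int(mp or 0))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed release is strictly older than the fix."""
    return parse_sepm_version(installed) < parse_sepm_version(fixed)


def assess(installed: str, fixed: str = FIXED_VERSION) -> str:
    """One-line finding in the style of a scanner result."""
    if is_vulnerable(installed, fixed):
        return (f"VULNERABLE: installed {installed} < fixed {fixed} "
                f"(CVE-2015-8152, CVE-2015-8153)")
    return f"OK: installed {installed} >= fixed {fixed}"


if __name__ == "__main__":
    # Constructed sample inventory; not data from the original page.
    for host, version in [("sepm-01", "12.1 RU6 MP3"),
                          ("sepm-02", "12.1 RU6 MP4"),
                          ("sepm-03", "12.1 RU5"),
                          ("sepm-04", "12.1 RU6 MP10")]:
        print(f"{host}: {assess(version)}")
```

The tuple comparison is what makes the check robust: releases with a two-digit MP number, or with no RU/MP suffix at all, are ordered the way Symantec numbers them rather than the way the strings happen to sort.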

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 90200

Bugtraq ID: 84343, 84354

CVE ID: CVE-2015-8152, CVE-2015-8153