Symantec Endpoint Protection Manager < 12.1 RU1 MP1 (SYM12-008) (credentialed check)
Critical Nessus Plugin ID 59367
SynopsisThe endpoint management application installed on the remote Windows host has multiple vulnerabilities.
DescriptionThe version of Symantec Endpoint Protection Manager installed on the remote host is less than 12.1 RU1 MP1 (12.1.1101) and has the following vulnerabilities :
- An arbitrary file deletion issue exists via directory traversal attacks. (CVE-2012-0294)
- A file inclusion vulnerability exists that could result in arbitrary code execution as SYSTEM. (CVE-2012-0295)
SolutionUpgrade to Symantec Endpoint Protection 12.1 RU1 MP1 or later.