Summary
The host is installed with Symantec Endpoint Protection Manager and is prone to XXE and SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
Impact Level: System/Application
Solution
Upgrade Symantec Endpoint Protection Manager to version 11.0.7405.1424 or 12.1.4023.4080 or later, and Symantec Protection Center Small Business Edition to version 12.1.4023.4080 or later, For updates refer to http://www.symantec.com
Insight
Flaw is due to an error when handling XML data within the servlet/ConsoleServlet.
Affected
Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080
Detection
Send a specially crafted XML data including external entity references to TCP port 9090 and check wheather it is able to execute commands remotely or not.
References
Severity
Classification
-
CVE CVE-2013-5014, CVE-2013-5015 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- ALCASAR Remote Code Execution Vulnerability
- artmedic_links5 File Inclusion Vulnerability