hascw.blogg.se

Reset password for Symantec Endpoint Protection Manager








In a recent research project, Code White discovered several critical vulnerabilities in the Symantec Endpoint Protection (SEP) suite 12.1, affecting versions prior to 12.1 RU6 MP1 (see SYM15-007).

As with any centralized enterprise management solution, compromising a management server is quite attractive for an attacker, as it generally allows some kind of control over its managed clients.

In combination, they effectively allow an unauthenticated attacker to execute arbitrary commands with 'NT Authority\SYSTEM' privileges on both the SEP Manager (SEPM) server and on SEP clients running Windows. Taking control of the manager can yield a takeover of the whole enterprise network.

In this post, we will take a closer look at some of the discovered vulnerabilities in detail and demonstrate their exploitation. This can result in a full compromise of an enterprise Windows domain.

Symantec provided the update 12.1 RU6 MP1 to address the issues.

For a full disclosure of some of the vulnerabilities, see:

Record ID: 1337DAY-ID-23949

Code White found several vulnerabilities in Symantec Endpoint Protection (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.

SEP Manager (SEPM):

* CVE-2015-1486: Authentication Bypass
* CVE-2015-1487: Arbitrary File Write
* CVE-2015-1488: Arbitrary File Read
* CVE-2015-1489: Privilege Escalation
* CVE-2015-1490: Path Traversal
* CVE-2015-1491: SQL Injection

SEP clients:

* CVE-2015-1492: Binary Planting

Official Symantec advisory SYM15-007:

Exploitation of these vulnerabilities effectively allows an unauthenticated remote attacker to fully compromise both the SEPM server and SEP clients running Windows.








