Vulnerability Name:

CVE-2012-4348 (CCN-80601)

Assigned:2012-12-10
Published:2012-12-10
Updated:2013-03-14
Summary:The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:A/AC:L/Au:M/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): Multiple_Instances
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-4348

Source: CCN
Type: SA51527
Symantec Endpoint Protection Management Console Code Execution Vulnerabilities

Source: CCN
Type: OSVDB ID: 88347
Symantec Endpoint Protection Management Console Multiple Unspecified Script Remote Code Execution

Source: BID
Type: UNKNOWN
56846

Source: CCN
Type: BID-56846
Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027863

Source: CCN
Type: SYM12-019
Symantec Endpoint Protection Management Consoles Multiple Issues

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00

Source: XF
Type: UNKNOWN
symantec-endpoint-console-code-exec(80601)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp1a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.3001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.7000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.7100:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:12.1.671:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:12.1.1000:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:12.1:-:small_business:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:12.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec endpoint protection 11.0
    symantec endpoint protection 11.0 ru5
    symantec endpoint protection 11.0 ru6
    symantec endpoint protection 11.0 ru6a
    symantec endpoint protection 11.0 ru6mp1
    symantec endpoint protection 11.0 ru6mp2
    symantec endpoint protection 11.0.1
    symantec endpoint protection 11.0.1 mp1
    symantec endpoint protection 11.0.1 mp2
    symantec endpoint protection 11.0.2
    symantec endpoint protection 11.0.2 mp1
    symantec endpoint protection 11.0.2 mp2
    symantec endpoint protection 11.0.4
    symantec endpoint protection 11.0.4 mp1a
    symantec endpoint protection 11.0.4 mp2
    symantec endpoint protection 11.0.3001
    symantec endpoint protection 11.0.6000
    symantec endpoint protection 11.0.6100
    symantec endpoint protection 11.0.6200
    symantec endpoint protection 11.0.6200.754
    symantec endpoint protection 11.0.6300
    symantec endpoint protection 11.0.7000
    symantec endpoint protection 11.0.7100
    symantec endpoint protection 12.1
    symantec endpoint protection 12.1.671
    symantec endpoint protection 12.1.1000
    symantec endpoint protection 12.0 -
    symantec endpoint protection 12.1 -
    symantec endpoint protection 11.0
    symantec endpoint protection 12.0
    symantec endpoint protection 12.1