Vulnerability Name:

CVE-2013-5010 (CCN-90225)

Assigned:2013-07-29
Published:2014-01-09
Updated:2017-08-29
Summary:The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
CVSS v3 Severity:4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.1 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2013-5010

Source: CCN
Type: SA56345
Symantec Endpoint Protection Application/Device Control Policy Security Bypass Vulnerability

Source: BID
Type: UNKNOWN
64129

Source: CCN
Type: BID-64129
Symantec Endpoint Protection CVE-2013-5010 Local Unauthorized Access Vulnerability

Source: CCN
Type: SYM14-001
Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege

Source: CONFIRM
Type: Vendor Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

Source: XF
Type: UNKNOWN
symantec-endpoint-cve20135010-sec-bypass(90225)

Source: XF
Type: UNKNOWN
symantec-endpoint-cve20135010-sec-bypass(90225)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp1a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:*:*:*:*:*:*:*:* (Version <= 11.0.7.3)
  • OR cpe:/a:symantec:endpoint_protection:11.0.3001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.7000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.7100:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec endpoint protection 11.0
    symantec endpoint protection 11.0 ru5
    symantec endpoint protection 11.0 ru6
    symantec endpoint protection 11.0 ru6a
    symantec endpoint protection 11.0 ru6mp1
    symantec endpoint protection 11.0 ru6mp2
    symantec endpoint protection 11.0.1
    symantec endpoint protection 11.0.1 mp1
    symantec endpoint protection 11.0.1 mp2
    symantec endpoint protection 11.0.2
    symantec endpoint protection 11.0.2 mp1
    symantec endpoint protection 11.0.2 mp2
    symantec endpoint protection 11.0.4
    symantec endpoint protection 11.0.4 mp1a
    symantec endpoint protection 11.0.4 mp2
    symantec endpoint protection *
    symantec endpoint protection 11.0.3001
    symantec endpoint protection 11.0.6000
    symantec endpoint protection 11.0.6100
    symantec endpoint protection 11.0.6200
    symantec endpoint protection 11.0.6200.754
    symantec endpoint protection 11.0.6300
    symantec endpoint protection 11.0.7000
    symantec endpoint protection 11.0.7100
    symantec endpoint protection 12.1