Symantec Endpoint Protection Manager 12.1 Execute Arbitrary OS Commands Vulnerabilities

Summary

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.

Credit:

Details

Vulnerable Systems:
 * Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3

Immune Systems:
 * Symantec Endpoint Protection Manager (SEPM) 12.1 after 12.1-RU6-MP3

The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to arbitrary Java command execution if an authorized but unauthenticated user, or an unauthorized individual, can gain access to the Java port on the SEPM console. The server does not properly handle untrusted external data, which could lead to OS command execution with elevated application privileges. Using that elevated application access, an attacker may be able to manipulate SEPM services to launch arbitrary code with administrator privileges on the host system.

CVE Information:
CVE-2015-6555

Disclosure Timeline:
Original release date: 11/11/2015
Last revised: 11/12/2015
