PT-2012-5347 · Php+1 · Php+2

Publicado

2012-12-18

·

Atualizado

2013-03-14

·

CVE-2012-4348

CVSS v2.0

7.2

Alta

VetorAV:A/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions 11.0 through 11.0 RU7-MP2 Symantec Endpoint Protection versions 12.1 through 12.1 RU1 Symantec Endpoint Protection Small Business Edition versions 12.0 through 12.1 RU1
Description The management console in Symantec Endpoint Protection does not properly validate input for PHP scripts. This allows remote authenticated users to execute arbitrary code via unspecified vectors.
Recommendations For Symantec Endpoint Protection versions 11.0 through 11.0 RU7-MP2, update to RU7-MP3 or later. For Symantec Endpoint Protection versions 12.1 through 12.1 RU1, update to RU2 or later. For Symantec Endpoint Protection Small Business Edition versions 12.0 through 12.1 RU1, update to 12.1 RU2 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-4348

Produtos afetados

Php
Symantec Endpoint Protection
Symantec Endpoint Protection Small Business Edition