CVE-2014-3440

Name of the Vulnerable Software and Affected Versions Symantec Critical System Protection versions 5.2.9 before MP6 Symantec Data Center Security: Server Advanced versions 6.0.x before 6.0 MP1

Description The issue allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. This is related to the Agent Control Interface in the management server.

Recommendations For Symantec Critical System Protection versions 5.2.9 before MP6, update to a version that includes MP6 or later. For Symantec Data Center Security: Server Advanced versions 6.0.x before 6.0 MP1, update to version 6.0 MP1 or later.