PT-2016-4031 · Symantec · Symantec Endpoint Protection+2

Publicado

2016-06-30

Atualizado

2017-09-01

CVE-2015-8801

CVSS v2.0

3.3

Baixa

Vetor

AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection version 12.1 before RU6 MP5

Description A race condition in the client allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the device manager recognizes a new USB device.

Recommendations For Symantec Endpoint Protection version 12.1 before RU6 MP5, update to RU6 MP5 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices until the update is applied.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-254

Identificadores relacionados

CVE-2015-8801

Produtos afetados

Symantec Endpoint Protection

Symantec Endpoint Protection Client

Symantec Endpoint Protection Server

PT-2016-4031 · Symantec · Symantec Endpoint Protection+2

CVE-2015-8801

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5