PT-2012-5347 · Php+1 · Php+2

Published

2012-12-18

Updated

2013-03-14

CVE-2012-4348

CVSS v2.0

7.2

High

Vector

AV:A/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions 11.0 through 11.0 RU7-MP2 Symantec Endpoint Protection versions 12.1 through 12.1 RU1 Symantec Endpoint Protection Small Business Edition versions 12.0 through 12.1 RU1

Description The management console in Symantec Endpoint Protection does not properly validate input for PHP scripts. This allows remote authenticated users to execute arbitrary code via unspecified vectors.

Recommendations For Symantec Endpoint Protection versions 11.0 through 11.0 RU7-MP2, update to RU7-MP3 or later. For Symantec Endpoint Protection versions 12.1 through 12.1 RU1, update to RU2 or later. For Symantec Endpoint Protection Small Business Edition versions 12.0 through 12.1 RU1, update to 12.1 RU2 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-4348

Affected Products

Php

Symantec Endpoint Protection

Symantec Endpoint Protection Small Business Edition

PT-2012-5347 · Php+1 · Php+2

CVE-2012-4348

Weakness Enumeration

Related Identifiers

Affected Products

References · 5