PT-2014-2890 · Symantec · Symantec Endpoint Protection+2
Published
2014-01-10
·
Updated
2017-08-29
·
CVE-2013-5009
CVSS v2.0
7.4
High
| Vector | AV:A/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection versions 11.x through 11.0.7.3
Symantec Endpoint Protection versions 12.x through 12.1.2 RU1
Symantec Endpoint Protection Small Business Edition versions 12.x through 12.1.2 RU1
Description
The issue is related to improper authentication in the Management Console, allowing remote authenticated users to gain privileges by leveraging access to a limited-admin account.
Recommendations
For Symantec Endpoint Protection versions 11.x through 11.0.7.3, update to version 11.0.7.4 or later.
For Symantec Endpoint Protection versions 12.x through 12.1.2 RU1, update to version 12.1.2 RU2 or later.
For Symantec Endpoint Protection Small Business Edition versions 12.x through 12.1.2 RU1, update to version 12.1.2 RU2 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Endpoint Protection
Symantec Endpoint Protection Client
Symantec Endpoint Protection Small Business Edition