PT-2014-4278 · Symantec · Symantec Workspace Streaming

Andrea Micalizzi

Published

2014-05-13

Updated

2014-07-24

CVE-2014-1649

CVSS v2.0

7.9

High

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Workspace Streaming versions prior to 7.5.0.749

Description The issue allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. This can potentially lead to remote code execution.

Recommendations For versions prior to 7.5.0.749, update to version 7.5.0.749 or later to resolve the issue. As a temporary workaround, consider restricting access to the XMLRPC interface until a patch is applied. Avoid using the putFile method in the XMLRPC request until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-1649

ZDI-14-127

Affected Products

Symantec Workspace Streaming

PT-2014-4278 · Symantec · Symantec Workspace Streaming

CVE-2014-1649

Weakness Enumeration

Related Identifiers

Affected Products

References · 8