PT-2016-4030 · Symantec · Symantec Embedded Security: Critical System Protection+2

Published: 2016-06-08 · Updated: 2021-09-09 · CVE-2015-8800

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x through 1.0 before MP5
Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0 before MP1
Critical System Protection (SCSP) versions prior to 5.2.9 MP6
Data Center Security: Server Advanced Server (DCS:SA) versions 6.x through 6.4 and version 6.6 before MP1
Data Center Security: Server Advanced Server and Agents (DCS:SA) versions prior to 6.6 MP1

Description

The issue allows remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

Recommendations

For Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x through 1.0 before MP5, update to version 1.0 MP5 or later.
For Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0 before MP1, update to version 6.5.0 MP1 or later.
For Critical System Protection (SCSP) versions prior to 5.2.9 MP6, update to version 5.2.9 MP6 or later.
For Data Center Security: Server Advanced Server (DCS:SA) versions 6.x through 6.4 and version 6.6 before MP1, update to version 6.5 MP1 or later for 6.x and version 6.6 MP1 or later for 6.6.
For Data Center Security: Server Advanced Server and Agents (DCS:SA) versions prior to 6.6 MP1, update to version 6.6 MP1 or later.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2015-8800

Affected Products

Critical System Protection
Data Center Security: Server Advanced Server
Symantec Embedded Security: Critical System Protection