Lucene search

MitreCVE-2007-2375

HistoryApr 30, 2007 - 11:19 p.m.

CVE-2007-2375

2007-04-3023:19:00

mitre

web.nvd.nist.gov

cve-2007-2375

symantec

esm

remote upgrade

security vulnerability

arbitrary code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

Affected configurations

Nvd

Node

symantecenterprise_security_managerMatch5.5.3

symantecenterprise_security_managerMatch6.0

symantecenterprise_security_managerMatch6.5

symantecenterprise_security_managerMatch6.5.1

symantecenterprise_security_managerMatch6.5.2

VendorProductVersionCPE
symantecenterprise_security_manager5.5.3cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:*:*:*:*:*:*:*
symantecenterprise_security_manager6.0cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*
symantecenterprise_security_manager6.5cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*
symantecenterprise_security_manager6.5.1cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*
symantecenterprise_security_manager6.5.2cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	enterprise_security_manager	5.5.3	cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:::::::*
symantec	enterprise_security_manager	6.0	cpe:2.3:a:symantec:enterprise_security_manager:6.0:::::::*
symantec	enterprise_security_manager	6.5	cpe:2.3:a:symantec:enterprise_security_manager:6.5:::::::*
symantec	enterprise_security_manager	6.5.1	cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:::::::*
symantec	enterprise_security_manager	6.5.2	cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:::::::*

References

secunia.com/advisories/24767

www.securityfocus.com/bid/23287

www.securitytracker.com/id?1017881

www.symantec.com/avcenter/security/Content/2007.04.05d.html

www.vupen.com/english/advisories/2007/1277

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

Related for CVE-2007-2375