CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
88.2%
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | enterprise_security_manager | 5.5.3 | cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:*:*:*:*:*:*:* |
symantec | enterprise_security_manager | 6.0 | cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:* |
symantec | enterprise_security_manager | 6.5 | cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:* |
symantec | enterprise_security_manager | 6.5.1 | cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:* |
symantec | enterprise_security_manager | 6.5.2 | cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:* |