Lucene search

SymantecCVE-2013-5009

HistoryJan 10, 2014 - 4:47 p.m.

CVE-2013-5009

2014-01-1016:47:05

CWE-287

symantec

web.nvd.nist.gov

symantec

endpoint protection

authentication

vulnerability

cve-2013-5009

CVSS2

7.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

46.0%

JSON

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

Affected configurations

Nvd

Node

symantecendpoint_protectionRange≤11.0.7.3

symantecendpoint_protectionMatch11.0

symantecendpoint_protectionMatch11.0ru5

symantecendpoint_protectionMatch11.0ru6

symantecendpoint_protectionMatch11.0ru6a

symantecendpoint_protectionMatch11.0ru6mp1

symantecendpoint_protectionMatch11.0ru6mp2

symantecendpoint_protectionMatch11.0.1

symantecendpoint_protectionMatch11.0.1mp1

symantecendpoint_protectionMatch11.0.1mp2

symantecendpoint_protectionMatch11.0.2

symantecendpoint_protectionMatch11.0.2mp1

symantecendpoint_protectionMatch11.0.2mp2

symantecendpoint_protectionMatch11.0.4

symantecendpoint_protectionMatch11.0.4mp1a

symantecendpoint_protectionMatch11.0.4mp2

symantecendpoint_protectionMatch11.0.3001

symantecendpoint_protectionMatch11.0.6000

symantecendpoint_protectionMatch11.0.6100

symantecendpoint_protectionMatch11.0.6200

symantecendpoint_protectionMatch11.0.6200.754

symantecendpoint_protectionMatch11.0.6300

symantecendpoint_protectionMatch11.0.7000

symantecendpoint_protectionMatch11.0.7100

VendorProductVersionCPE
symantecendpoint_protection*cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp1:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp2:*:*:*:*:*:*
symantecendpoint_protection11.0.1cpe:2.3:a:symantec:endpoint_protection:11.0.1:*:*:*:*:*:*:*
symantecendpoint_protection11.0.1cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp1:*:*:*:*:*:*
symantecendpoint_protection11.0.1cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	endpoint_protection	*	cpe:2.3:a:symantec:endpoint_protection::::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:ru5::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:ru6::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp1::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp2::::::
symantec	endpoint_protection	11.0.1	cpe:2.3:a:symantec:endpoint_protection:11.0.1:::::::*
symantec	endpoint_protection	11.0.1	cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp1::::::
symantec	endpoint_protection	11.0.1	cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp2::::::