Lucene search

SymantecCVE-2015-5689

HistorySep 20, 2015 - 8:59 p.m.

CVE-2015-5689

2015-09-2020:59:04

CWE-119

symantec

web.nvd.nist.gov

cve-2015-5689

symantec

ghost explorer utility

gss

symantec deployment solution

remote code execution

denial of service

information disclosure

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.146

Percentile

95.8%

JSON

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.

Affected configurations

Nvd

Node

symantecdeployment_solutionMatch6.9sp3

symantecghost_solutions_suiteMatch1.0

symantecghost_solutions_suiteMatch1.1

symantecghost_solutions_suiteMatch1.1p2

symantecghost_solutions_suiteMatch2.0

symantecghost_solutions_suiteMatch2.0.1

symantecghost_solutions_suiteMatch2.0.2

symantecghost_solutions_suiteMatch2.1

VendorProductVersionCPE
symantecdeployment_solution6.9cpe:2.3:a:symantec:deployment_solution:6.9:sp3:*:*:*:*:*:*
symantecghost_solutions_suite1.0cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*
symantecghost_solutions_suite1.1cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*
symantecghost_solutions_suite1.1cpe:2.3:a:symantec:ghost_solutions_suite:1.1:p2:*:*:*:*:*:*
symantecghost_solutions_suite2.0cpe:2.3:a:symantec:ghost_solutions_suite:2.0:*:*:*:*:*:*:*
symantecghost_solutions_suite2.0.1cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*
symantecghost_solutions_suite2.0.2cpe:2.3:a:symantec:ghost_solutions_suite:2.0.2:*:*:*:*:*:*:*
symantecghost_solutions_suite2.1cpe:2.3:a:symantec:ghost_solutions_suite:2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	deployment_solution	6.9	cpe:2.3:a:symantec:deployment_solution:6.9:sp3::::::
symantec	ghost_solutions_suite	1.0	cpe:2.3:a:symantec:ghost_solutions_suite:1.0:::::::*
symantec	ghost_solutions_suite	1.1	cpe:2.3:a:symantec:ghost_solutions_suite:1.1:::::::*
symantec	ghost_solutions_suite	1.1	cpe:2.3:a:symantec:ghost_solutions_suite:1.1:p2::::::
symantec	ghost_solutions_suite	2.0	cpe:2.3:a:symantec:ghost_solutions_suite:2.0:::::::*
symantec	ghost_solutions_suite	2.0.1	cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:::::::*
symantec	ghost_solutions_suite	2.0.2	cpe:2.3:a:symantec:ghost_solutions_suite:2.0.2:::::::*
symantec	ghost_solutions_suite	2.1	cpe:2.3:a:symantec:ghost_solutions_suite:2.1:::::::*

References

www.securityfocus.com/bid/76498

www.securitytracker.com/id/1033577

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00

zerodayinitiative.com/advisories/ZDI-15-419/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.146

Percentile

95.8%

JSON

Related for CVE-2015-5689