CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
50.1%
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending “alternate commands” before the handshake is completed.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | altiris_deployment_solution | 6.9 | cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:* |
symantec | altiris_deployment_solution | 6.9 | cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:* |
symantec | altiris_deployment_solution | 6.9 | cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:* |