CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 97.7%
Added: 08/26/2015
CVE: CVE-2015-1486
BID: 76074
Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM).
Symantec Endpoint Protection Manager is affected by an authentication bypass vulnerability in the **ResetPassword** action, as well as an authenticated arbitrary file write vulnerability. By exploiting these two vulnerabilities together, a remote, unauthenticated attacker could upload and execute a file containing arbitrary commands.
Apply Symantec Endpoint Protection Manager 12.1-RU6-MP1 or higher.
<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00>
<http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html>
Exploit works on Symantec Endpoint Protection 12.1.
Windows