Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-1421
HistoryNov 20, 2017 - 8:00 a.m.

Symantec Management Console Directory Traversal

2017-11-2008:00:00
Symantec Security Response
22

EPSS

0.362

Percentile

97.2%

JSON

SUMMARY

Symantec has released an update to address an issue in the Symantec Management Console product.

AFFECTED PRODUCTS

Symantec Management Console

CVE

|

Affected Version(s)

|

Remediation

CVE-2017-15527

|

Prior to ITMS 8.1 RU4, ITMS 8.0 POST HF6 & ITMS 7.6 POST HF7

|

Upgrade to ITMS 8.1 RU4, ITMS 8.0 POST HF6 & ITMS 7.6 POST HF7

ISSUES

CVE-2017-15527

Severity/CVSSv3:

|

High / 7.6 AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Impact:

|

Securityfocus: BID 101743 / NVD: CVE-2017-15527

Directory traversal

Description:

|

The Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing “traverse to parent directory” are passed through to the file APIs. The goal of this attack is to use an affected application to gain unauthorized access to the file system.

MITIGATION

This issue was validated by the product team engineers. A Symantec Management Console update, version ITMS 8.1 RU4 as well as patches ITMS 8.0 POST HF6 & ITMS 7.6 POST HF7, have been released which address the aforementioned issue. Note that the latest Symantec Management Console release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from this issue.

BEST PRACTICES

Symantec recommends the following measures to reduce risk of attack:

  • Restrict access to administrative or management systems to authorized privileged users.
  • Restrict remote access to trusted/authorized systems only.
  • Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
  • Keep all operating systems and applications current with vendor patches.
  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.

ACKNOWLEDGEMENTS

  • Christoffer Wiman (CVE-2017-15527)

Related

nessus 2
cve 2
prion 2
cvelist 2
nvd 2
checkpoint_advisories 1
zdt 1
metasploit 1
exploitdb 1
packetstorm 1
symantec 2
rapid7community 1
openvas 1
nessus
nessus
Symantec Management Console File Name Handling Path Traversal Remote Access (SYM17-013)
2017-12-01 00:00:00
Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004)
2017-06-30 00:00:00
cve
cve
CVE-2017-15527
2017-11-20 19:29:00
CVE-2017-6326
2017-06-26 21:29:00
prion
prion
Directory traversal
2017-11-20 19:29:00
Design/Logic Flaw
2017-06-26 21:29:00
cvelist
cvelist
CVE-2017-15527
2017-11-20 19:00:00
CVE-2017-6326
2017-06-26 21:00:00
nvd
nvd
CVE-2017-15527
2017-11-20 19:29:00
CVE-2017-6326
2017-06-26 21:29:00
checkpoint_advisories
checkpoint_advisories
Symantec Messaging Gateway remote code execution (CVE-2017-6326)
2017-07-20 00:00:00
zdt
zdt
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution Exploit
2017-06-26 00:00:00
metasploit
metasploit
Symantec Messaging Gateway Remote Code Execution
2017-06-10 09:23:12
exploitdb
exploitdb
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
2017-06-26 00:00:00
packetstorm
packetstorm
Symantec Messaging Gateway Remote Code Execution
2017-06-24 00:00:00
symantec
symantec
Inventory Plugin for Symantec Management Agent Privilege Escalation
2018-07-16 20:20:17
Symantec Messaging Gateway Multiple Vulnerabilities
2017-06-21 08:00:00
rapid7community
rapid7community
Metasploit Wrapup
2017-06-30 19:09:11
openvas
openvas
Symantec Messaging Gateway <= 10.6.3 Multiple Vulnerabilities
2017-06-12 00:00:00

EPSS

0.362

Percentile

97.2%

JSON
Related for SMNTC-1421
nessus2cve2prion2cvelist2nvd2checkpoint_advisories1zdt1metasploit1exploitdb1packetstorm1symantec2rapid7community1openvas1