Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0290

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-0290
Last Modified 16 Feb 2012 11:11:09
Published 06 Feb 2012 03:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0290

Summary

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."

Vulnerable Systems

Application

  • Symantec Altiris Client Management Suite Pcanywhere Solution 12.5

  • Symantec Altiris Client Management Suite Pcanywhere Solution 12.6

  • Symantec Altiris Deployment Solution Remote Pcanywhere Solution 12.5

  • Symantec Altiris Deployment Solution Remote Pcanywhere Solution 12.6

  • Symantec Pcanywhere 10.5

  • Symantec Pcanywhere 11.5

  • Symantec Pcanywhere 11.5.1

  • Symantec Pcanywhere 12.1

  • Symantec Pcanywhere 12.5

  • Symantec Pcanywhere 12.5.265

  • Symantec Pcanywhere 12.5.3

  • Symantec Pcanywhere 12.5.539

  • Symantec Pcanywhere 12.6.65

  • Symantec Pcanywhere 12.6.7580

  • Symantec Pcanywhere 5.0

  • Symantec Pcanywhere 8.0

  • Symantec Pcanywhere 9.2


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

BID - 51862

XF - pcanywhere-unauth-access(72996)


Last Updated: 27 May 2016 10:58:09