Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4348

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2012-4348
Last Modified 13 Mar 2013 11:10:09
Published 18 Dec 2012 03:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication MULTIPLE_INSTANCES

CVE-2012-4348

Summary

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • Symantec Endpoint Protection 11.0

  • Symantec Endpoint Protection 11.0.1

  • Symantec Endpoint Protection 11.0.2

  • Symantec Endpoint Protection 11.0.3001

  • Symantec Endpoint Protection 11.0.4

  • Symantec Endpoint Protection 11.0.6000

  • Symantec Endpoint Protection 11.0.6100

  • Symantec Endpoint Protection 11.0.6200

  • Symantec Endpoint Protection 11.0.6200.754

  • Symantec Endpoint Protection 11.0.6300

  • Symantec Endpoint Protection 11.0.7000

  • Symantec Endpoint Protection 11.0.7100

  • Symantec Endpoint Protection 12.0

  • Symantec Endpoint Protection 12.1

  • Symantec Endpoint Protection 12.1.1000

  • Symantec Endpoint Protection 12.1.671


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121210_00

BID - 56846

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00

SECTRACK - 1027863


Last Updated: 27 May 2016 10:58:30