
CVE-2015-1486

Markus Wulftange of Code White discovered several critical vulnerabilities in the Symantec Endpoint Protection (SEP) suite.

Code White’s blog:

“As with any centralized enterprise management solution, compromising a management server is quite attractive for an attacker, as it generally allows some kind of control over its managed clients.”

Taking control of the manager can lead to a takeover of the whole enterprise network.

The vulnerabilities found in the Symantec Endpoint Protection Manager (SEPM) and the SEP clients are the following:

CVE-2015-1486 – SEPM Authentication Bypass
CVE-2015-1487 – SEPM Arbitrary File Write
CVE-2015-1488 – SEPM Arbitrary File Read
CVE-2015-1489 – SEPM Privilege Escalation
CVE-2015-1490 – SEPM Path Traversal
CVE-2015-1491 – SEPM SQL Injection
CVE-2015-1492 – SEP Client Binary Planting

 
