| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.8 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Symantec Endpoint Protection up to 12.1 and classified as critical. This vulnerability affects unknown code of the component Script Handler. The manipulation leads to input validation. This vulnerability was named CVE-2012-4348. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Details
A vulnerability, which was classified as critical, was found in Symantec Endpoint Protection up to 12.1 (Anti-Malware Software). This affects an unknown functionality of the component Script Handler. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
The weakness was presented 12/10/2012 by SecuriTeam with SecuriTeam Secure Disclosure as SYM12-019 as confirmed advisory (Website). The advisory is shared at symantec.com. The public release was coordinated in cooperation with Symantec. This vulnerability is uniquely identified as CVE-2012-4348 since 08/16/2012. The exploitability is told to be difficult. The attack can only be done within the local network. The successful exploitation needs a authentication. Technical details are unknown but a private exploit is available.
It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120737 (Symantec Endpoint Protection Management PHP Script Remote Code Execution Vulnerability (SYM12-019)).
Upgrading to version SEP 11.0 RU7-MP3 or SEP 12.1RU2 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (80601), SecurityFocus (BID 56846†), OSVDB (88347†), Secunia (SA51527†) and SecurityTracker (ID 1027863†). See VDB-7112 for similar entry. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.0VulDB Meta Temp Score: 7.8
VulDB Base Score: 9.0
VulDB Temp Score: 7.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Endpoint Protection SEP 11.0 RU7-MP3/SEP 12.1RU2
Timeline
08/16/2012 🔍12/10/2012 🔍
12/10/2012 🔍
12/10/2012 🔍
12/10/2012 🔍
12/11/2012 🔍
12/12/2012 🔍
12/12/2012 🔍
12/13/2012 🔍
12/18/2012 🔍
12/23/2012 🔍
12/29/2024 🔍
Sources
Vendor: symantec.comAdvisory: SYM12-019
Researcher: SecuriTeam
Organization: SecuriTeam Secure Disclosure
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-4348 (🔍)
GCVE (CVE): GCVE-0-2012-4348
GCVE (VulDB): GCVE-100-7113
X-Force: 80601 - Symantec Endpoint Protection console code execution, High Risk
SecurityFocus: 56846 - Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability
Secunia: 51527 - Symantec Endpoint Protection Management Console Code Execution Vulnerabilities, Moderately Critical
OSVDB: 88347
SecurityTracker: 1027863 - Symantec Endpoint Protection Input Validation Flaw Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 37742 - Symantec Endpoint Protection Improper PHP Scripts Input Validation Allows Remote Code Execution, High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 12/13/2012 10:29 AMUpdated: 12/29/2024 11:39 PM
Changes: 12/13/2012 10:29 AM (80), 04/22/2017 05:22 PM (4), 12/29/2024 11:39 PM (18)
Complete: 🔍
Committer:
Cache ID: 18:2DA:40
No comments yet. Languages: en.
Please log in to comment.