Symantec Encryption Management Server up to 3.3.2 MP6 Email Header access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Symantec Encryption Management Server up to 3.3.2 MP6. This issue affects some unknown processing of the component Email Header Handler. The manipulation leads to access control. This vulnerability is listed as CVE-2014-7288. In addition, an exploit is available. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability was found in Symantec Encryption Management Server up to 3.3.2 MP6 and classified as critical. This issue affects some unknown processing of the component Email Header Handler. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is integrity, and availability. The summary by CVE is:
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
The weakness was presented 01/29/2015 by Paul Craig with VantagePoint as SYM15-002 as confirmed advisory (Website). It is possible to read the advisory at symantec.com. The identification of this vulnerability is CVE-2014-7288 since 10/02/2014. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
A public exploit has been developed by Paul Craig and been published 1 days after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 81179 (Symantec Encryption Management Server < 3.3.2 MP7 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc..
Applying the patch 3.3.2 MP7 is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 17120.
The vulnerability is also documented in the databases at X-Force (100763), Exploit-DB (35949), Tenable (81179), SecurityFocus (BID 72308†) and OSVDB (117766†). See VDB-68964 for similar entry. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Paul Craig
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 81179
Nessus Name: Symantec Encryption Management Server < 3.3.2 MP7 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 801798
OpenVAS Name: Symantec Encryption Management Server Local Command Injection Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Patch: 3.3.2 MP7
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
10/02/2014 🔍01/29/2015 🔍
01/29/2015 🔍
01/29/2015 🔍
01/29/2015 🔍
01/30/2015 🔍
01/30/2015 🔍
01/30/2015 🔍
01/30/2015 🔍
01/31/2015 🔍
02/15/2015 🔍
08/13/2025 🔍
Sources
Vendor: symantec.comAdvisory: SYM15-002
Researcher: Paul Craig
Organization: VantagePoint
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-7288 (🔍)
GCVE (CVE): GCVE-0-2014-7288
GCVE (VulDB): GCVE-100-68963
X-Force: 100763
SecurityFocus: 72308 - Symantec Encryption Management Server CVE-2014-7288 Local Command Injection Vulnerability
OSVDB: 117766
SecurityTracker: 1031673 - Symantec Encryption Management Server Lets Local Users Gain Elevated Privileges and Remote Users Inject Email Headers
Vulnerability Center: 48638 - Symantec Encryption Management Server <3.3.2 MP7 Local Commands Injection Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 01/30/2015 09:57Updated: 08/13/2025 17:49
Changes: 01/30/2015 09:57 (78), 06/20/2017 08:30 (15), 03/08/2022 00:34 (3), 08/13/2025 17:49 (14)
Complete: 🔍
Cache ID: 216:38B:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.