| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.2 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Symantec Workspace Streaming up to 6.0 and classified as critical. This affects an unknown part. This manipulation causes access control. The identification of this vulnerability is CVE-2014-1649. Furthermore, there is an exploit available. The affected component should be upgraded.
Details
A vulnerability has been found in Symantec Workspace Streaming up to 6.0 and classified as critical. Affected by this vulnerability is an unknown part. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
The weakness was shared 05/16/2014 by Andrea Micalizzi (rgod) with Zero Day Initiative (Website). The advisory is shared at zerodayinitiative.com. This vulnerability is known as CVE-2014-1649 since 01/23/2014. The attack needs to be done within the local network. The exploitation doesn't need any form of authentication. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
A public exploit has been developed by Metasploit in Ruby and been published 2 weeks after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as highly functional. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 74153 (Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.
Upgrading to version 6.1 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 13556.
The vulnerability is also documented in the databases at X-Force (93100), Exploit-DB (33521), Tenable (74153), SecurityFocus (BID 67189†) and Vulnerability Center (SBV-44665†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.6VulDB Meta Temp Score: 9.2
VulDB Base Score: 9.6
VulDB Temp Score: 9.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Access: Public
Status: Highly functional
Author: Metasploit
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 74153
Nessus Name: Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
MetaSploit ID: symantec_workspace_streaming_exec.rb
MetaSploit Name: Symantec Workspace Streaming Arbitrary File Upload
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Workspace Streaming 6.1
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
01/23/2014 🔍05/12/2014 🔍
05/12/2014 🔍
05/16/2014 🔍
05/16/2014 🔍
05/23/2014 🔍
05/26/2014 🔍
05/26/2014 🔍
05/27/2014 🔍
03/25/2015 🔍
12/25/2024 🔍
Sources
Vendor: symantec.comAdvisory: zerodayinitiative.com
Researcher: Andrea Micalizzi (rgod)
Organization: Zero Day Initiative
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-1649 (🔍)
GCVE (CVE): GCVE-0-2014-1649
GCVE (VulDB): GCVE-100-69709
X-Force: 93100
SecurityFocus: 67189 - Symantec Workspace Streaming XMLRPC Unauthorized Access Vulnerability
Vulnerability Center: 44665 - Symantec Workspace Streaming (SWS) Before 7.5.0.749 Remote Unauthorized Access via a Crafted XMLRPC Request, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/25/2015 16:45Updated: 12/25/2024 03:04
Changes: 03/25/2015 16:45 (68), 05/29/2017 08:55 (16), 03/21/2022 14:26 (3), 12/25/2024 03:04 (14)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.