Symantec Endpoint Protection up to 12.1.5 Management Console sql injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.1 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Symantec Endpoint Protection up to 12.1.5. This vulnerability affects unknown code of the component Management Console. This manipulation causes sql injection. This vulnerability is handled as CVE-2014-9229. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability has been found in Symantec Endpoint Protection up to 12.1.5 (Anti-Malware Software) and classified as problematic. Affected by this vulnerability is some unknown processing of the component Management Console. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. As an impact it is known to affect integrity. The summary by CVE is:
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
The weakness was released 06/17/2015 by Jan Kadijk as SYM15-005 as confirmed advisory (Website). It is possible to read the advisory at symantec.com. This vulnerability is known as CVE-2014-9229 since 12/03/2014. Access to the local network is required for this attack to succeed. Required for exploitation is a single authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 84368 (Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123663 (Symantec Endpoint Protection Manager and Client Multiple Vulnerabilities (SYM15-005)).
Upgrading to version 12.1.6 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (103938), Tenable (84368), SecurityFocus (BID 75204†), SecurityTracker (ID 1032616†) and Vulnerability Center (SBV-52829†). Entries connected to this vulnerability are available at VDB-75989 and VDB-75990. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.5VulDB Meta Temp Score: 3.1
VulDB Base Score: 3.5
VulDB Temp Score: 3.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Sql injectionCWE: CWE-89 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 84368
Nessus Name: Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 801798
OpenVAS Name: Symantec Endpoint Protection Multiple Vulnerabilities Oct15
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Endpoint Protection 12.1.6
Timeline
12/03/2014 🔍06/17/2015 🔍
06/17/2015 🔍
06/17/2015 🔍
06/17/2015 🔍
06/18/2015 🔍
06/18/2015 🔍
09/20/2015 🔍
09/21/2015 🔍
05/21/2022 🔍
Sources
Vendor: symantec.comAdvisory: SYM15-005
Researcher: Jan Kadijk
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-9229 (🔍)
GCVE (CVE): GCVE-0-2014-9229
GCVE (VulDB): GCVE-100-75991
X-Force: 103938 - Symantec Endpoint Protection Manager SQL command execution
SecurityFocus: 75204 - Symantec Endpoint Protection Manager and Client CVE-2014-9229 SQL Injection Vulnerability
SecurityTracker: 1032616
Vulnerability Center: 52829 - Symantec Endpoint Protection before 12.1.6 Remote SQL Injection Vulnerability in Manager Component, Medium
See also: 🔍
Entry
Created: 06/18/2015 18:26Updated: 05/21/2022 10:45
Changes: 06/18/2015 18:26 (72), 01/02/2018 09:56 (10), 05/21/2022 10:45 (3)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.