CVE-2013-5009

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:S/C:C/I:C/A:C
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
symantecendpoint_protection
𝑥
≤ 11.0.7.3
symantecendpoint_protection
11.0
symantecendpoint_protection
11.0:ru5
symantecendpoint_protection
11.0:ru6
symantecendpoint_protection
11.0:ru6a
symantecendpoint_protection
11.0:ru6mp1
symantecendpoint_protection
11.0:ru6mp2
symantecendpoint_protection
11.0.1
symantecendpoint_protection
11.0.1:mp1
symantecendpoint_protection
11.0.1:mp2
symantecendpoint_protection
11.0.2
symantecendpoint_protection
11.0.2:mp1
symantecendpoint_protection
11.0.2:mp2
symantecendpoint_protection
11.0.4
symantecendpoint_protection
11.0.4:mp1a
symantecendpoint_protection
11.0.4:mp2
symantecendpoint_protection
11.0.3001
symantecendpoint_protection
11.0.6000
symantecendpoint_protection
11.0.6100
symantecendpoint_protection
11.0.6200
symantecendpoint_protection
11.0.6200.754
symantecendpoint_protection
11.0.6300
symantecendpoint_protection
11.0.7000
symantecendpoint_protection
11.0.7100
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/64128
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/90224
http://www.securityfocus.com/bid/64128
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/90224