Remote Command Execution in Symantec Critical System Protection and Data Center Security
CVE-2014-3440

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Critical System Protection
Vendor: CVE Published:; 21 January 2015

What is CVE-2014-3440?

The Agent Control Interface of the management server in specific versions of Symantec Critical System Protection and Symantec Data Center Security: Server Advanced allows authenticated users to execute arbitrary commands. By exploiting client-system access to upload log files, attackers can potentially gain control over the system, leading to significant security risks. Users are encouraged to update to the latest versions to mitigate potential threats associated with this vulnerability.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2015/May/39

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/72091

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
May 9, 2014

Broadcom

What is CVE-2014-3440?

References

Timeline