Remote Command Execution Vulnerability in Symantec PGP Universal Server and Encryption Management Server
CVE-2014-7288
Currently unrated
Key Information:
- Vendor: Symantec
- CVE Published: 1 February 2015
Summary
Symantec PGP Universal Server and Encryption Management Server versions prior to 3.3.2 MP7 contain a vulnerability that allows remote authenticated administrators to execute arbitrary shell commands. The flaw stems from improperly validated input during a database-backup restore operation, which lets an attacker supply a crafted command line. Successful exploitation could lead to unauthorized control and manipulation of system commands, posing a significant security risk. Organizations should ensure that they are running an updated version of the software to mitigate the potential threat.
EPSS Score
15% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved