Remote Command Execution Vulnerability in Symantec Encryption Management Server
CVE-2015-8151

9.1CRITICAL

Key Information:

Vendor
Symantec
Status
Encryption Management Server
Vendor
CVE Published:
18 February 2016

Summary

Remote authenticated users of Symantec Encryption Management Server version 3.3.2 before MP12 can exploit a vulnerability to execute arbitrary operating system commands by leveraging console administrator access. This flaw can potentially allow unauthorized access to sensitive system functions and compromise the integrity of the server, highlighting the need for immediate patching and enhanced security measures.

References

http://www.securitytracker.com/id/1035063
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/83268
vdb-entryx_refsource_BID
http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.