Directory Traversal Vulnerability in Symantec Embedded Security Products
CVE-2015-8799

7.6HIGH

Key Information:

Vendor: Broadcom
Status: Symantec Data Center Security Server; Symantec Data Center Security Server And Agents; Symantec Embedded Security Critical System Protection For Controllers And Devices; Symantec Critical System Protection
Vendor: CVE Published:; 8 June 2016

What is CVE-2015-8799?

A directory traversal vulnerability exists in the Management Server of several Symantec Embedded Security products. This issue allows remote authenticated users to manipulate update-package data and write it to arbitrary agent locations. This could lead to unauthorized access and potential exploitation of system resources. Users are strongly advised to apply the necessary updates to mitigate risks associated with this vulnerability.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/90885

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2016
Vulnerability Reserved
Feb 2, 2016

Broadcom

What is CVE-2015-8799?

References

CVSS V3.1

Timeline