Brute Force Vulnerability in Symantec Reporter Management Interface
CVE-2017-15531

9.8CRITICAL

Key Information:

Vendor: Symantec Corporation
Status: Reporter
Vendor: CVE Published:; 23 January 2018

What is CVE-2017-15531?

Symantec Reporter versions 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 are vulnerable due to a lack of restrictions on excessive authentication attempts for users on the management interface. This vulnerability allows remote attackers to execute brute force attacks to guess passwords and potentially gain unauthorized access to the Reporter system. Administrators using affected versions should apply the latest security updates to mitigate this risk.

Affected Version(s)

Reporter 9.5 prior to 9.5.4.1

Reporter 10.x prior to 10.2

References

http://www.securityfocus.com/bid/102751

vdb-entryx_refsource_BID

https://www.symantec.com/security-center/network-protecti...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2018
Vulnerability Reserved
Oct 17, 2017

Symantec Corporation

What is CVE-2017-15531?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline