Information Disclosure in Altiris WMI Provider by Broadcom
CVE-2026-15379
What is CVE-2026-15379?
The Altiris WMI Provider exposes a class called AltirisAgent_Stream that enables local standard users to read any file contents accessible to the SYSTEM account. This occurs due to the provider executing under the LocalSystem context while servicing WMI queries, without properly re-impersonating the requesting user. As a result, standard users can access sensitive files, including configuration documents, service logs, and other secrets stored with restricted ACLs intended for SYSTEM or Administrator access. Organizations using the Altiris WMI Provider must be aware of this vulnerability to secure their sensitive information effectively.
Affected Version(s)
Symantec IT Management Suite 8.8
Symantec IT Management Suite 8.8.1
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved