DCOM and Task Scheduler Vulnerability in Broadcom ITMS Products
CVE-2026-15380
5.1MEDIUM
What is CVE-2026-15380?
A significant vulnerability in Broadcom's IT Management Suite allows non-administrator users to execute arbitrary SYSTEM-level code. This exploit leverages a chain of interactions via DCOM and the task scheduler, facilitating unauthorized access without the need for memory corruption or network connectivity. The exploitation process provides potential attackers with elevated privileges, posing serious security risks to affected installations. Users of ITMS should consult the vendor's advisories for mitigation strategies and updates.
Affected Version(s)
Symantec Management Suite 8.7.3
Symantec Management Suite 8.8
Symantec Management Suite 8.8.1
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dhanush Arvind, Intercontinental Exchange (ICE) Information Security (https://www.linkedin.com/in/dagowda)