CVE-2007-2375

Опубликовано: 30 апр. 2007

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

Ссылки

http://secunia.com/advisories/24767
Patch
Vendor Advisory
http://www.securityfocus.com/bid/23287
http://www.securitytracker.com/id?1017881
http://www.symantec.com/avcenter/security/Content/2007.04.05d.html
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1277
http://secunia.com/advisories/24767
Patch
Vendor Advisory
http://www.securityfocus.com/bid/23287
http://www.securitytracker.com/id?1017881
http://www.symantec.com/avcenter/security/Content/2007.04.05d.html
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1277

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*

cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*

cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0803

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cx6g-56cf-6737

github

почти 4 года назад