CVE-2007-2375
Symantec Enterprise Security Manager - Remote Code Execution via Unauthenticated Agent Upgrade
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
References (5)
http://www.securityfocus.com/bid/23287 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.securitytracker.com/id?1017881 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.vupen.com/english/advisories/2007/1277 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.symantec.com/avcenter/security/Content/2007.04.05d.html (Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/24767 (Patch, Vendor Advisory; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.0898
EPSS Percentile: 92.7%
Details
Status: published
Products (5)
symantec/enterprise_security_manager 5.5.3
symantec/enterprise_security_manager 6.0
symantec/enterprise_security_manager 6.5
symantec/enterprise_security_manager 6.5.1
symantec/enterprise_security_manager 6.5.2
Published: Apr 30, 2007
Tracked Since: Feb 18, 2026