Description
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64128
Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90224
Scores
EPSS
0.0030
EPSS Percentile
53.6%
Details
CWE
CWE-287
Status
published
Products (13)
symantec/endpoint_protection
11.0 (6 CPE variants)
symantec/endpoint_protection
11.0.1 (3 CPE variants)
symantec/endpoint_protection
11.0.2 (3 CPE variants)
symantec/endpoint_protection
11.0.4 (3 CPE variants)
symantec/endpoint_protection
11.0.3001
symantec/endpoint_protection
11.0.6000
symantec/endpoint_protection
11.0.6100
symantec/endpoint_protection
11.0.6200
symantec/endpoint_protection
11.0.6200.754
symantec/endpoint_protection
11.0.6300
... and 3 more
Published
Jan 10, 2014
Tracked Since
Feb 18, 2026