CVE-2013-5009

Symantec SEP <11.0.7.4-12.1.2 RU2 - Privilege Escalation

Title source: llm

Description

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

References (3)

[Vendor Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90224

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64128

Scores

EPSS 0.0030

EPSS Percentile 53.2%

Classification

CWE

CWE-287

Status draft

Affected Products (24)

symantec/endpoint_protection < 11.0.7.3

symantec/endpoint_protection

... and 9 more

Timeline

Published Jan 10, 2014

Tracked Since Feb 18, 2026