CVE-2012-4348

Published Dec 18, 2012

Last updated 3 months ago

CVSS info 7.2

Overview

Description: The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 4.1
Vector string: AV:A/AC:L/Au:M/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9E055CC-55A9-4F52-BBC5-53126A581D76"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1DD0DB8-3108-4A6C-83D4-D1DA9CB1B51F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435109B2-F971-4059-8E5C-76C53A161836"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95779ECB-89B4-420B-8149-F8B07F4067BD"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:ru6mp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1580B17-6873-40AD-B092-EB768E656C5E"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "180A2514-AA60-486D-B807-8A4A289E3566"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFC9D744-C3B5-4F7B-B23F-14598BDE2DD0"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.1:mp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C2C5BA5-2A3D-4D67-AA8F-0A454E69BE2D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "238E223B-44F4-4907-B524-A18614E6681B"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.2:mp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA57776C-4B87-4FC3-9678-CEBA60CB4D90"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43442575-6140-4D40-A5B9-C6E206274229"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7C80B41-521D-4ACC-BE57-E775B09F0E3B"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.4:mp1a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5253BED8-BF83-4F61-9320-14B0495AFD90"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.4:mp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8808B05E-C739-4252-8014-BA3558E95802"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.3001:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DDB8443-6567-4033-8D30-B35DACC0EE9A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74A97619-5D8B-4634-BFA6-F73285865823"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CF5F84C-91C1-4395-B988-9F9E4F87D8B9"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0C0EFA7-71FE-48C9-97D3-F414F49DB495"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142BCA40-386C-4498-BECB-22BC07B240DD"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD725528-A19A-465E-B427-EF426104B7AF"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.7000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFD42022-0168-4C9D-8EED-0E16322E8796"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.7100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE29507-7B24-44AD-8C15-C1063E34D7D9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A8C3211-6088-49D6-8228-C4E9B5DF1631"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.671:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E0A9C72-FD2F-40F3-A094-58FC34F0857A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.1000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D997D8A-C093-4250-9481-3ED28E541B4B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D7E851B-1A0A-4077-9FCF-754D4FF798FF"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:-:small_business:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A89EF949-E330-4E70-BB93-AFE5E6F75120"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References