Symantec (Blue Coat) Reporter CLI OS Command Injection Vulnerability (SYMSA1465)
High Nessus Plugin ID 121254
SynopsisThe remote host is running a version of Symantec (Blue Coat) Reporter CLI that is affected by an OS command injection vulnerability.
DescriptionAccording to its self-reported version number, the Symantec (formerly Blue Coat) Reporter installation running on the remote host is 10.1 prior to 10.1.5.6 or 10.2 prior to 10.2.1.8. It is, therefore, affected by an OS command injection vulnerability. An authenticated attacker with Enable mode administrator access can execute arbitrary OS commands with elevated system privileges.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Symantec Reporter version 10.1.5.6 / 10.2.1.8 or later.