Symantec (Blue Coat) Reporter CLI OS Command Injection Vulnerability (SYMSA1465)
High Nessus Plugin ID 121254
SynopsisThe remote host is running a version of Symantec (Blue Coat)
Reporter CLI that is affected by an OS command injection vulnerability.
DescriptionAccording to its self-reported version number, the Symantec
(formerly Blue Coat) Reporter installation running on the remote
host is 10.1 prior to 10.1.5.6 or 10.2 prior to 10.2.1.8. It is,
therefore, affected by an OS command injection vulnerability. An
authenticated attacker with Enable mode administrator access can
execute arbitrary OS commands with elevated system privileges.
Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version
SolutionUpgrade to Symantec Reporter version 10.1.5.6 / 10.2.1.8 or later.