Symantec Critical System Protection 5.2.9.x < 5.2.9 MP6 Multiple Vulnerabilities (SYM15-001 / SYM16-009)
high Nessus プラグイン ID 80911
Language:
概要
リモート Windows ホストにセキュリティアプリケーションがインストールされており、これは複数の脆弱性の影響を受けます。説明
The version of Symantec Critical System Protection (SCSP) installed on the remote Windows host is 5.2.9.x prior to 5.2.9 MP6. したがって、以下の複数の脆弱性による影響を受けます。- A remote code execution vulnerability exists in the Management Server Agent Control Interface due to improper sanitization of user-uploaded files. An authenticated, remote attacker can exploit this, by uploading a log file, to execute arbitrary script code with the privileges of the web server. (CVE-2014-3440)
- A SQL injection (SQLi) vulnerability exists in the management server due to the /sis-ui/authenticate script not properly sanitizing user-supplied input to the 'ai' POST parameter. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data. (CVE-2014-7289)
- Multiple cross-site scripting (XSS) vulnerabilities exist in the management server in the WCUnsupportedClass.jsp script and SSO-Error.jsp script due to improper validation of user-supplied input to the 'classname' and 'ErrorMsg' GET parameters. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2014-9224)
- An information disclosure vulnerability exists in the management server due to a failure to properly restrict internal server information. An authenticated, remote attacker can exploit this, via a direct request to the environment.jsp script, to disclose sensitive server information. (CVE-2014-9225)
- A privilege escalation vulnerability exists due to a failure to sufficiently restrict access to certain host functionality. A local attacker can exploit this to bypass protection policies and gain elevated privileges.
(CVE-2014-9226)
- A SQL injection (SQLi) vulnerability exists in the management server due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data. (CVE-2015-8157)
- A path traversal issue exists due to improper sanitization of user-supplied input. 認証されていないリモートの攻撃者がこれを悪用し、特別に細工されたリクエストで任意のコードを実行する可能性があります。
(CVE-2015-8798)
- A path traversal issue exists that allows an authenticated, remote attacker to write update-package data to arbitrary agent locations, resulting in the execution of arbitrary code. (CVE-2015-8799)
- An unspecified flaw exists that is triggered when handling process calls written to a specific named pipe.
An authenticated, remote attacker can exploit this to inject arbitrary arguments. (CVE-2015-8800)
ソリューション
Symantec Critical System Protection 5.2.9 MP6 またはそれ以降にアップグレードしてください。または、ベンダーアドバイザリで言及されている回避策を適用してください。
参考資料
プラグインの詳細
深刻度: High
ID: 80911
ファイル名: symantec_critical_system_protection_sym15-001.nasl
バージョン: 1.12
タイプ: local
エージェント: windows
ファミリー: Windows
公開日: 2015/1/22
更新日: 2019/11/25
サポートされているセンサー: Nessus Agent, Nessus
リスク情報
VPR
リスクファクター: Medium
スコア: 6.7
CVSS v2
リスクファクター: High
基本値: 9
現状値: 7
ベクトル: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS スコアのソース: CVE-2014-3440
脆弱性情報
CPE: cpe:/a:symantec:critical_system_protection
必要な KB アイテム: installed_sw/Symantec Critical System Protection
エクスプロイトが利用可能: true
エクスプロイトの容易さ: Exploits are available
パッチ公開日: 2015/1/19
脆弱性公開日: 2015/1/19
参照情報
CVE: CVE-2014-3440, CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226, CVE-2015-8157, CVE-2015-8798, CVE-2015-8799, CVE-2015-8800
BID: 72091, 72092, 72093, 72094, 72095, 90884, 90885, 90886, 90889