Symantec Enterprise Security Manager Remote Upgrade Authentication Bypass
1113
06 March 2020
05 April 2007
CLOSED
HIGH
SUMMARY
Symantec Enterprise Security Manager is susceptible to a remote code execution vulnerability.
Severity
High
Remote | Yes
Local Access | Yes
Authentication Required | No
Exploit publicly available | No
AFFECTED PRODUCTS
Vulnerable Products
The following supported ESM agent and manager platforms have patches available for immediate download. While the ESM manager is not vulnerable, it must be updated to work with the new agents.
Note: ESM 6.5.3 already includes the fixes and is not vulnerable.
ESM agent platform | ESM version
AIX (4.3.1, 4.3.3, 5.1, 5.2) | All versions prior to 6.5.3

ESM manager platform | ESM version
AIX 4.2.1 |
ADDITIONAL PRODUCT INFORMATION
The following ESM Agents are not affected because they do not support remote upgrade.
ESM agent platform | ESM version
NetWare 6.0 | All
ISSUES
Details
All versions of the Enterprise Security Manager (ESM) are vulnerable to a remote code execution attack. The vulnerability exists in the ESM agent remote upgrade interface. The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol. The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer. The ESM agent runs with administrative privileges.
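The missing check described above, sketched as an added example (not Symantec's fix and not the ESM upgrade protocol, which this advisory does not describe): a hypothetical agent-side handler that accepts an upgrade only when it carries a MAC computed with a key shared with its manager. The key, function names, version tuples and package bytes are all constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical key shared between a manager and its agents; constructed value.
MANAGER_KEY = b"constructed-sample-key-for-illustration"


def sign_upgrade(key, version, package):
    """Manager side: MAC over the target version and the package digest."""
    digest = hashlib.sha256(package).hexdigest()
    msg = "{}.{}.{}|{}".format(*version, digest).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept_upgrade(key, installed, version, package, tag):
    """Agent side: return (ok, reason). Install only when ok is True."""
    expected = sign_upgrade(key, version, package)
    # Reject anything not produced by a holder of the key (constant-time compare).
    if not isinstance(tag, bytes) or not hmac.compare_digest(expected, tag):
        return False, "untrusted source"
    # A genuine but older package must not replace a newer agent.
    if version <= installed:
        return False, "not newer than installed version"
    return True, "verified"


def demo():
    """Run four constructed requests against an agent at a constructed 6.5.0."""
    pkg = b"constructed upgrade package bytes"
    installed, target, old = (6, 5, 0), (6, 5, 3), (6, 4, 0)
    good = sign_upgrade(MANAGER_KEY, target, pkg)
    return {
        "signed": accept_upgrade(MANAGER_KEY, installed, target, pkg, good),
        "unsigned": accept_upgrade(MANAGER_KEY, installed, target, pkg, b""),
        "altered": accept_upgrade(MANAGER_KEY, installed, target, pkg + b"x", good),
        "downgrade": accept_upgrade(MANAGER_KEY, installed, old, pkg,
                                    sign_upgrade(MANAGER_KEY, old, pkg)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With a shared symmetric key, any agent that holds the key can also produce valid tags; a signature made with a manager-held private key, with agents holding only the public key, avoids that.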
MITIGATION
Symantec has released downloadable automated and manual fixes for all supported ESM agents.
To date, Symantec is not aware of any reported attempts to exploit this vulnerability.
For more information about installing or updating ESM components, see the Symantec Enterprise Security Manager Installation Guide.
REVISION
Added note clarifying that ESM 6.5.3 is not vulnerable.