Support Content Notification - Support Portal

Symantec pcAnywhere (run on connect) privilege escalation

Product/Component

Notification Id

1063

Last Updated

06 March 2020

Initial Publication Date

10 June 2005

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

SUMMARY

Symantec pcAnywhere provides the option to run user defined commands when the remote host is connected. Enabling the “Launch with Windows” from the Host Properties Settings tab configures the pcAnyware host to run as a service with Local System privileges.

AFFECTED PRODUCTS

Affected Products (Consumer and Enterprise versions)
Symantec pcAnywhere All unsupported versions prior to 10.5x Symantec pcAnywhere version 10.5x Symantec pcAnywhere version 11x

ADDITIONAL PRODUCT INFORMATION

Products Not Affected
Symantec pcAnywhere 11.5

Note: Only Symantec products indicated above are potentially vulnerable. All other Symantec products are NOT affected

ISSUES

A non-privileged user with physical access to the system can potentially manipulate the Caller Properties feature to run arbitrary commands that will be executed with system level privileges when the system is restarted. This could potentially allow them to gain unauthorized Local System privilege on the targeted system.

MITIGATION

Symantec Response
Symantec has released a patch to address this issue. The patch can be downloaded from the Symantec technical support site. This patch ensures all commands launched through "Command to execute after connection" are launched within the scope of the logged in user’s access rights.
Symantec is not aware of any active attempts against or organizations impacted by this issue.

Recommendations:
Patches for this issue can be downloaded from the following locations:

For consumer versions of Symantec pcAnywhere:
http://www.symantec.com/techsupp/files/pca/index.html

For enterprise versions of Symantec pcAnywhere:
http://www.symantec.com/techsupp/enterprise/products/spca/files.html

Select your supported version of Symantec pcAnywhere and follow the instructions to download the appropriate update.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats