OS Command Injection in Security Analytics

SA-S500

17969

27 April 2021

20 April 2021

CLOSED

Critical

9.8

Summary

The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote, unauthenticated attacker with access to the Security Analytics web UI can execute arbitrary OS commands on the target with elevated privileges.

Affected Product(s)

The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.

Security Analytics (SA)

CVE              Supported Version(s)   Remediation
CVE-2021-30642   7.2                    Upgrade to 7.2.7
CVE-2021-30642   8.1                    Upgrade to 8.1.3-NSR3
CVE-2021-30642   8.2                    Upgrade to 8.2.1-NSR2 or 8.2.2
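
A version triage built from the remediation table above, as an added example that is not part of the advisory or any vendor tooling. It assumes versions are written x.y.z with an optional -NSRn suffix, that an -NSRn build sorts after the plain release, and that later releases in a listed branch carry the fix; the inventory is constructed.

```python
import re

# Fixed releases per supported branch, taken from the advisory table.
# A branch can list more than one fixed release (8.2: 8.2.1-NSR2 or 8.2.2).
FIXED = {
    "7.2": ["7.2.7"],
    "8.1": ["8.1.3-NSR3"],
    "8.2": ["8.2.1-NSR2", "8.2.2"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-NSR(\d+))?$", re.IGNORECASE)


def parse(version):
    """Return (major, minor, patch, nsr); nsr is 0 without an -NSR suffix.

    Assumption: an -NSRn build sorts after the plain x.y.z release and
    after lower-numbered NSR builds of the same release.
    """
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(version):
    """Classify one installed version against CVE-2021-30642."""
    v = parse(version)
    branch = f"{v[0]}.{v[1]}"
    if branch not in FIXED:
        # The advisory makes no statement about branches it does not list.
        return "not-listed"
    # Reaching any listed fixed release in the branch means the fix is present.
    if any(v >= parse(fix) for fix in FIXED[branch]):
        return "fixed"
    return f"vulnerable: upgrade to {' or '.join(FIXED[branch])}"


# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = {"sa-dc1": "7.2.6", "sa-dc2": "8.1.3-NSR3",
             "sa-lab": "8.2.1", "sa-old": "7.1.4"}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host:8} {ver:12} {triage(ver)}")
```

Appliances reported as vulnerable that cannot be upgraded immediately are the ones to cover with the firewall restriction described under Mitigation.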

 

Issue Details

CVE-2021-30642
Severity / CVSS v3.1: Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References: NVD: CVE-2021-30642
Impact: OS command injection
Description: An input validation flaw in the Symantec Security Analytics web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.

 

Mitigation

CVE-2021-30642 is only exploitable in Security Analytics when the remote attacker can access the web UI. Security Analytics administrators can configure the on-appliance firewall to restrict web UI access to trusted IP addresses and subnets.

Revisions

2021-04-20 initial public release