OS Command Injection in Security Analytics
27 April 2021
20 April 2021
The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges.
The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.
|Security Analytics (SA)|
|CVE|Affected version|Remediation|
|CVE-2021-30642|7.2|Upgrade to 7.2.7|
|CVE-2021-30642|8.1|Upgrade to 8.1.3-NSR3|
|CVE-2021-30642|8.2|Upgrade to 8.2.1-NSR2 or 8.2.2|
|Severity / CVSS v3.1:|Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)|
|Impact:|OS command injection|
|Description:|An input validation flaw in the Symantec Security Analytics web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.|
CVE-2021-30642 is only exploitable in Security Analytics when the remote attacker can access the web UI. Security Analytics administrators can configure the on-appliance firewall to restrict web UI access to trusted IP addresses and subnets.
2021-04-20 initial public release