OS Command Injection in Security Analytics
Summary
The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote, unauthenticated attacker who has access to the Security Analytics web UI can execute arbitrary OS commands on the target with elevated privileges.
Affected Product(s)
The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.
Security Analytics (SA)
CVE | Supported Version(s) | Remediation
CVE-2021-30642 | 7.2 | Upgrade to 7.2.7
CVE-2021-30642 | 8.1 | Upgrade to 8.1.3-NSR3
CVE-2021-30642 | 8.2 | Upgrade to 8.2.1-NSR2 or 8.2.2
Issue Details
CVE-2021-30642
Severity / CVSS v3.1 | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References | NVD: CVE-2021-30642
Impact | OS command injection
Description | An input validation flaw in the Symantec Security Analytics web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
Mitigation
CVE-2021-30642 is only exploitable in Security Analytics when the remote attacker can access the web UI. Security Analytics administrators can configure the on-appliance firewall to restrict web UI access to trusted IP addresses and subnets.
Revisions
2021-04-20 initial public release