Symantec Endpoint Protection Manager - Directory Traversal

CVE-2016-5307

  • Type: Directory Traversal
  • Severity: Medium
  • Affected products: Symantec Endpoint Protection Manager
  • CVE Reference: CVE-2016-5307
Timeline

2016-03-02  Issue reported to Symantec
2016-03-04  Symantec confirms recipient and will review issue
2016-04-01  MWR requests update
2016-04-04  Symantec confirms issue and a patch will be issued in the next release
2016-05-25  Symantec updates MWR that issue will be fixed as part of version 12.1.6 MP5
2016-06-28  Patch released as part of 12.1-RU6-MP5

Description

Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in corporate networks against malware, risks, and vulnerabilities. Symantec Endpoint Protection Manager is the management server component that manages the client computers with Symantec Endpoint Protection enabled.

Symantec Endpoint Protection Manager contained a directory traversal vulnerability that allowed unauthenticated users access to arbitrary files on the server.
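The bug class named above, as an added illustration that is not part of the original advisory and not Symantec's code: a static file handler that glues the request path onto the web root (the weak pattern that yields directory traversal), beside a hardened lookup that canonicalizes the path and refuses anything that resolves outside the web root. The web root, the file names and the request strings are all constructed for the example; SEPM's real paths and the exact request involved in CVE-2016-5307 are not on this page and are not assumed.

```python
"""Added example: weak concatenation vs. hardened containment check for a web root.
Generic illustration of the directory-traversal bug class; every path and file
here is constructed for the example and is not SEPM's own layout or code."""
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def decode_request_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so a double-encoded
    '..%252f' is not missed, and fold backslashes so '..\\' is treated as '../'."""
    decoded = raw
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def naive_resolve(web_root: str, raw: str) -> str:
    """Weak pattern: the request path is appended to the root with no
    containment check, so '..' segments walk out of the web root."""
    return web_root.rstrip("/") + "/" + decode_request_path(raw).lstrip("/")


def safe_resolve(web_root: str, raw: str) -> Optional[str]:
    """Canonicalize both the root and the candidate, then require the candidate
    to sit inside the root. Returns None for any escaping or malformed request."""
    root = os.path.realpath(web_root)
    rel = decode_request_path(raw)
    if "\x00" in rel:               # NUL-byte truncation tricks are rejected outright
        return None
    candidate = os.path.realpath(os.path.join(root, rel.lstrip("/")))
    try:
        if os.path.commonpath([root, candidate]) != root:
            return None
    except ValueError:              # different drives or mixed absolute/relative paths
        return None
    return candidate


def serve(web_root: str, raw: str) -> tuple:
    """Minimal static handler built on safe_resolve: 403 on escape, 404 if absent."""
    path = safe_resolve(web_root, raw)
    if path is None:
        return 403, ""
    if not os.path.isfile(path):
        return 404, ""
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()


def demo() -> dict:
    """Builds a constructed layout (web root plus a config file one level above
    it) and returns the HTTP status each sample request would receive."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")
        os.makedirs(root)
        with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
            fh.write("<html>ok</html>")
        os.makedirs(os.path.join(tmp, "conf"))
        with open(os.path.join(tmp, "conf", "server.properties"), "w", encoding="utf-8") as fh:
            fh.write("db.password=constructed-sample")   # sensitive file outside the root
        requests = [
            "/index.html",
            "/sub/../index.html",                    # '..' that stays inside the root: allowed
            "/../conf/server.properties",            # plain traversal
            "/..%2fconf%2fserver.properties",        # single-encoded slash
            "/..%252fconf%252fserver.properties",    # double-encoded slash
            "/%2e%2e/%2e%2e/etc/passwd",             # encoded dots
            "/missing.html",
        ]
        return {req: serve(root, req)[0] for req in requests}


if __name__ == "__main__":
    for req, status in demo().items():
        print(f"{status}  {req}")
```

The containment check is what matters: decoding alone is not enough, because any request that still resolves outside the canonical root must be refused, and comparing canonical paths (after symlink resolution) is what makes the check hold regardless of how the `..` segments were encoded.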

Impact

This vulnerability would allow unauthenticated threat agents unauthorised access to resources on the server, which may contain sensitive information such as configuration files, log files and/or source code.

Interim Workaround

Ensure that no sensitive files are stored within the web root directory.

Solution

Update to Symantec Endpoint Protection Manager 12.1-RU6-MP5.

Technical Details

Please refer to the attached advisory above.

Further Information