SecurityWeek

Symantec Patches High Risk Vulnerabilities in Endpoint Protection

Symantec has released an update for its Symantec Endpoint Protection (SEP) to resolve three High risk security vulnerabilities in the product.

According to an advisory issued Mar. 17, the security flaws in Symantec Endpoint Protection could potentially result in authorized users with low privileges gaining elevated access to the Management Console. Moreover, the security firm warns that SEP Client security mitigations could be bypassed to achieve arbitrary code execution on a targeted client.

The first of the three security issues is a cross-site request forgery vulnerability in the management console for SEPM (CVE-2015-8152), caused by an insufficient security check in SEPM. An authorized but less-privileged user could gain unauthorized elevated access to the SEPM management console by including arbitrary code in authorized logging scripts.

In addition to the CSRF issue, Symantec resolved an SQL injection vulnerability in SEPM (CVE-2015-8153). This security flaw can also be exploited by an authorized, logged-in user to potentially elevate access to administrative level on the application.

The third security flaw (CVE-2015-8154) affects the SysPlant.sys driver in Windows, which is loaded as part of the Application and Device Control (ADC) component on a SEP client, provided that ADC is installed and enabled on the client. A successful bypass of security controls could result in arbitrary code execution on a client system with logged-on user privileges, Symantec noted.

To exploit this vulnerability, an attacker could use known methods of trust exploitation that require interaction from an authenticated user, such as clicking on a malicious link or opening a malicious document, either on a website or in an email. The issue affects only customers using ADC and can be mitigated by disabling the ADC driver or by uninstalling ADC in SEP.
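Because the third flaw only matters where the ADC driver is actually present, a client inventory check is the first thing a defender wants. The following PowerShell function is an added example written for this article; it is not Symantec's code or tooling. It finds the SysPlant.sys driver by image path through the standard Win32_SystemDriver class, so it does not depend on the driver's service name (assumed here to be "SysPlant", which is not confirmed by the article). It reports whether the driver is registered, whether it is loaded, and whether it is set to load at boot, which is what you need to decide between patching to 12.1-RU6-MP4 and the disable/uninstall mitigation.

```powershell
# Added example (not from the SecurityWeek article or from Symantec): report whether
# the SysPlant.sys Application and Device Control driver is present and loaded on a
# Windows SEP client, so CVE-2015-8154 exposure can be triaged per host.
function Get-SepAdcDriverStatus {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver enumerates kernel drivers registered as services. Matching on
    # PathName avoids relying on the service name (assumed "SysPlant", unverified).
    $driver = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'SysPlant\.sys$' } |
        Select-Object -First 1

    if (-not $driver) {
        return [pscustomobject]@{
            ComputerName     = $env:COMPUTERNAME
            AdcDriverPresent = $false
            State            = $null
            StartMode        = $null
            Note             = 'ADC driver not registered; CVE-2015-8154 does not apply on this host.'
        }
    }

    # State 'Running' means the driver is currently loaded; StartMode 'Disabled'
    # means it will not load at next boot (the "disable the ADC driver" mitigation).
    $note = if ($driver.State -eq 'Running') {
        'ADC driver loaded; confirm the client is at SEP 12.1-RU6-MP4 or later, or disable/uninstall ADC.'
    } elseif ($driver.StartMode -eq 'Disabled') {
        'ADC driver registered but disabled; mitigation is in place.'
    } else {
        'ADC driver registered and not running now, but will load on a future boot.'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        AdcDriverPresent = $true
        State            = $driver.State
        StartMode        = $driver.StartMode
        Note             = $note
    }
}

# Local run; for fleet-wide triage wrap the call in Invoke-Command against your hosts.
Get-SepAdcDriverStatus | Format-List
```

The function deliberately reports rather than changes anything: disabling or removing ADC is a policy decision for the SEP administrator, and the check is what lets that decision be scoped to the hosts that actually carry the driver.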

CVE-2015-8152 and CVE-2015-8153, which carry CVSS2 Base Scores of 8.5 and 7.9 respectively, were discovered by Kaspersky Lab’s Anatoly Katyushin. CVE-2015-8154, with a CVSS2 Base Score of 8.5, was discovered by the enSilo Research Team.

All three security flaws were found in Symantec Endpoint Protection version 12.1 and have been resolved in SEP 12.1-RU6-MP4. SEP customers are advised to update to the new product release as soon as possible to remain protected.

Last August, Symantec resolved several Critical vulnerabilities in SEP 12.1 that could have allowed an attacker to gain access to an organization’s entire corporate network. The list of flaws included an authentication bypass, three path traversals, a privilege escalation, and multiple SQL injections.
