Symantec Patches High Risk Vulnerabilities in Endpoint Protection

Symantec has released an update for its Symantec Endpoint Protection (SEP) to resolve three High risk security vulnerabilities in the product.

According to an advisory issued Mar. 17, the security flaws in Symantec Endpoint Protection could potentially result in authorized users with low privileges gaining elevated access to the Management Console. Moreover, the security firm warns that SEP Client security mitigations could be bypassed to achieve arbitrary code execution on a targeted client.

The first of the three security issues is a cross-site request forgery vulnerability in the management console for SEPM (CVE-2015-8152), caused by an insufficient security check in SEPM. An authorized but less-privileged user could gain unauthorized elevated access to the SEPM management console by including arbitrary code in authorized logging scripts.

In addition to the CSRF issue, Symantec resolved an SQL injection vulnerability in SEPM (CVE-2015-8153). This security flaw can also be exploited by an authorized, logged-in user to potentially elevate access to the administrative level of the application.

The third security flaw (CVE-2015-8154) affects the SysPlant.sys driver in Windows, which is loaded as part of the Application and Device Control (ADC) component on a SEP client, provided that ADC is installed and enabled on the client. A successful bypass of security controls could result in arbitrary code execution on a client system with logged-on user privileges, Symantec noted.

To exploit this vulnerability, an attacker could use known methods of trust exploitation that require interaction from an authenticated user, such as clicking on a malicious link or opening a malicious document, either on a website or in an email. The issue affects only customers using ADC and can be mitigated by disabling the ADC driver or by uninstalling ADC in SEP.

CVE-2015-8152 and CVE-2015-8153, with CVSS2 Base Scores of 8.5 and 7.9, respectively, were discovered by Kaspersky Lab’s Anatoly Katyushin. CVE-2015-8154, with a CVSS2 Base Score of 8.5, was discovered by the enSilo Research Team.

All three security flaws were found in Symantec Endpoint Protection version 12.1 and have been resolved in SEP 12.1-RU6-MP4. SEP customers are advised to update to the new product release as soon as possible to remain protected.

Last August, Symantec resolved several Critical vulnerabilities in SEP 12.1 that could have allowed an attacker to gain access to an organization’s entire corporate network. The list of flaws included an authentication bypass, three path traversals, a privilege escalation, and multiple SQL injections.
