Vulnerability Details CVE-2012-4348
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/56846
- http://www.securitytracker.com/id?1027863
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00
- http://www.securityfocus.com/bid/56846
- http://www.securitytracker.com/id?1027863
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00
Products affected by CVE-2012-4348
-
cpe:2.3:a:symantec:endpoint_protection:11.0
-
cpe:2.3:a:symantec:endpoint_protection:11.0.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.3001
-
cpe:2.3:a:symantec:endpoint_protection:11.0.4
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6100
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6300
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7100
-
cpe:2.3:a:symantec:endpoint_protection:12.0
-
cpe:2.3:a:symantec:endpoint_protection:12.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.1000
-
cpe:2.3:a:symantec:endpoint_protection:12.1.671