Vulnerability Details CVE-2013-5010
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.8%
CVSS Severity
CVSS v2 Score 4.6
References
- http://www.securityfocus.com/bid/64129
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90225
- http://www.securityfocus.com/bid/64129
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90225
Products affected by CVE-2013-5010
-
cpe:2.3:a:symantec:endpoint_protection:-
-
cpe:2.3:a:symantec:endpoint_protection:11
-
cpe:2.3:a:symantec:endpoint_protection:11.0
-
cpe:2.3:a:symantec:endpoint_protection:11.0.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.3001
-
cpe:2.3:a:symantec:endpoint_protection:11.0.4
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6100
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6300
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.3
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7100