Exploit Symantec endpoint manager RCE
6/29/2023

Today we release the details of CVE-2014-3440, a remote code execution vulnerability in Symantec Critical System Protection. You can get the detailed advisory on the following link:

CVE-2014-3440 – Symantec Critical System Protection Remote Code Execution

We reported the vulnerability with the help of Beyond Security, Symantec fixed the vulnerability on. Although we didn’t manage to get a nice logo :) in this blog post we give some additional information regarding the issue. This is another example that, just like any other software, security products can introduce new security risks to their environment too.

First of all, here’s a short video demonstrating our exploit in action:

The exploit consists of two parts: First we need to register ourselves as an Agent to the SCSP Server. In default installations Agents can be registered without any authentication or prior knowledge. Before the official Symantec advisory was available I asked some of my peers there if this step can be hardened/mitigated somehow, but they couldn’t present any method to do this. Even if Agent registration were somehow restricted, the attack could be executed from a compromised host with an Agent installed.

During the registration we obtain a GUID that allows us to make use of the bulk log upload feature.