CVE-2012-4348 - CERT CVE

  1. CVE-2012-4348

ID CVE-2012-4348
Sažetak The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
Reference
CVSS
Base: 7.2
Impact: 10.0
Exploitability:4.1
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW MULTIPLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:A/AC:L/Au:M/C:C/I:C/A:C
Zadnje važnije ažuriranje 14-03-2013 - 03:10
Objavljeno 18-12-2012 - 20:55