Auth bypass in Symantec Endpoint_protection

CVE-2013-5009

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remot…

Vulnerability class: Broken Authentication

EPSS: 0.003 (53.9th percentile) — read the EPSS interpretation.

Affected products

Symantec Endpoint_protection — versions 11.0, 11.0.1, 11.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

64128 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
symantec-endpoint-cve20135009-priv-esc(90224) (vdb-entry, x_refsource_XF)