CVE Vulnerabilities

CVE-2007-2375

Published: Apr 30, 2007 | Modified: Mar 08, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

Affected Software

Name Vendor Start Version End Version
Enterprise_security_manager Symantec 5.5.3 (including) 5.5.3 (including)
Enterprise_security_manager Symantec 6.0 (including) 6.0 (including)
Enterprise_security_manager Symantec 6.5 (including) 6.5 (including)
Enterprise_security_manager Symantec 6.5.1 (including) 6.5.1 (including)
Enterprise_security_manager Symantec 6.5.2 (including) 6.5.2 (including)

References