Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Symantec_critical_system_protection | Broadcom | 5.2.9 (including) | 5.2.9 (including) |
| Symantec_data_center_security_server | Broadcom | 6.5.0 (including) | 6.5.0 (including) |
| Symantec_data_center_security_server | Broadcom | 6.6.0 (including) | 6.6.0 (including) |
| Symantec_data_center_security_server_and_agents | Broadcom | 6.6.0 (including) | 6.6.0 (including) |
| Symantec_embedded_security_critical_system_protection | Broadcom | 1.0 (including) | 1.0 (including) |
| Symantec_embedded_security_critical_system_protection_for_controllers_and_devices | Broadcom | 6.5.0 (including) | 6.5.0 (including) |