Vulnerability Description
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Enterprise Security Manager | 5.5.3 |
References
- http://secunia.com/advisories/24767PatchVendor Advisory
- http://www.securityfocus.com/bid/23287
- http://www.securitytracker.com/id?1017881
- http://www.symantec.com/avcenter/security/Content/2007.04.05d.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2007/1277
- http://secunia.com/advisories/24767PatchVendor Advisory
- http://www.securityfocus.com/bid/23287
- http://www.securitytracker.com/id?1017881
- http://www.symantec.com/avcenter/security/Content/2007.04.05d.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2007/1277
FAQ
What is CVE-2007-2375?
CVE-2007-2375 is a vulnerability with a CVSS score of 10.0 (HIGH). The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code v...
How severe is CVE-2007-2375?
CVE-2007-2375 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2375?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Enterprise Security Manager.