Vulnerability Description
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | <= 11.0.7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/64128
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90224
- http://www.securityfocus.com/bid/64128
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90224
FAQ
What is CVE-2013-5009?
CVE-2013-5009 is a vulnerability with a CVSS score of 7.4 (HIGH). The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly per...
How severe is CVE-2013-5009?
CVE-2013-5009 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5009?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection.