Vulnerability Description
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | <= 11.0.7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/64129
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90225
- http://www.securityfocus.com/bid/64129
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90225
FAQ
What is CVE-2013-5010?
CVE-2013-5010 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x b...
How severe is CVE-2013-5010?
CVE-2013-5010 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5010?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection.