Vulnerabilities / Threats
2/18/2014
02:58 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Critical Vulnerabilities Completely Compromise Symantec Endpoint Protection

SEC Consult Vulnerability Lab finds major flaws

PR Newswire -- February 18, 2014

VIENNA, February 18, 2014 /PRNewswire/ --

The award-winning [1] and longtime leader of Gartner report league tables [2]; Symantec Endpoint Protection, developed by the US-based Symantec Corp. (Nasdaq: SYMC), was shipped without removing several critical security vulnerabilities [3]. The vulnerabilities were discovered in a routine '99er' security crash test by experts of the SEC Consult Vulnerability Lab (http://www.sec-consult.com). In a 99er security crash test, SEC Consult white-hat experts evaluate the product security for the maximum of 99 working hours to determine if this specific release of a product can be compromised by attackers.

The unremoved vulnerabilities enable state-sponsored or criminal hackers to take full control of the 'Symantec Endpoint Protection Manager' server. With the full control of the server the attackers could obliterate the endpoint protection provided by the Symantec solution as they would have full access to the protection features of the endpoints. SEC Consult experts recommend immediately installing the update released by the vendor to counter these vulnerabilities [4].

Since mid-2012 SEC Consult has identified several critical vulnerabilities in other Symantec products during routine security tests. A Support Backdoor was identified in Symantec Messaging Gateway [5] and for the Symantec Web Gateway [6]. The vulnerabilities found enabled attackers to run commands with the privileges of the 'root' operating system user and to perform surveillance activities.

SEC Consult strongly advises that customers of Symantec products should demand from the vendor exhaustive security tests by (European) security experts before the implementation of the respective software product.

SEC Consult generally recommends routine security crash tests for standard software products to prevent the procurement of 'toxic' (i.e. heavily insecure) software. Toxic Software contains severe security vulnerabilities and poses a severe and highly probable risk to the confidentiality, availability and integrity of its owner.

Further technical information can be found in the SEC Consult Security Advisory [3].

[1] http://www.scawardseurope.com/2013-winners

[2] http://www.symantec.com/connect/blogs/symantec-named-leader-gartner-magic-quadrant-endpoint-protection-platforms-12-year-span

[3] https://www.sec-consult.com/de/Vulnerability-Lab/Advisories.htm

[4 ]http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

[5] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a99

[6] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a131

For further information please contact: Johannes Greil Head of SEC Consult Vulnerability Lab Phone: +43189030430 research@sec-consult.com

SOURCE SEC Consult Security Advisory

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0750
Published: 2015-05-22
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.