Symantec Endpoint Protection Authentication Bypass Vulnerability (CVE-2015-1486)
Symantec Endpoint Protection Authentication Bypass Vulnerability (CVE-2015-1486)
Release date:
Updated on:
Affected Systems:
Symantec Endpoint Protection Manager <12.1-RU6-MP1
Description:
Bugtraq id: 76074
CVE (CAN) ID: CVE-2015-1486
Symantec Endpoint Protection (SEP) is a new generation of anti-virus and firewall products developed by Symantec Corporation.
Symantec Endpoint Protection 12.1-a security vulnerability exists on the Management Console implementation that allows remote users to trigger new management sessions by constructing Password Reset operations, this vulnerability allows you to bypass authentication.
<* Source: Markus Wulftange
Link: http://www.symantec.com/security_response/securityupdates/detail.jsp? Fid = security_advisory & pvid = secu
*>
Suggestion:
Vendor patch:
Symantec
--------
Symantec has released a Security Bulletin (SYM15-007) and patches for this:
SYM15-007: Symantec Endpoint Protection Multiple Issues
Link: http://www.symantec.com/security_response/securityupdates/detail.jsp? Fid = security_advisory & pvid = secu
This article permanently updates the link address: