CVE-2015-1487

Published: Aug 1, 2015Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

Affected (1)

Products: Symantec: Endpoint Protection Manager

Symantec

1 product

Endpoint Protection Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Symantec Endpoint Protection Manager	Version 12.1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.securityfocus.com/bid/76094

Source: secure@symantec.com

http://www.securitytracker.com/id/1033165

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00

Source: secure@symantec.com

Vendor Advisory

https://www.exploit-db.com/exploits/37812/

Source: secure@symantec.com

http://www.securityfocus.com/bid/76094

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033165

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/37812/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.