The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/24767 - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/23287 - | |
References | () http://www.securitytracker.com/id?1017881 - | |
References | () http://www.symantec.com/avcenter/security/Content/2007.04.05d.html - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2007/1277 - |
Information
Published : 2007-04-30 23:19
Updated : 2024-11-21 00:30
NVD link : CVE-2007-2375
Mitre link : CVE-2007-2375
CVE.ORG link : CVE-2007-2375
JSON object : View
Products Affected
symantec
- enterprise_security_manager
CWE