CVE-2015-8150
high
CVSS v3
7.8
CVSS v2
6.3
VIR risk
7.8
Description
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | encryption_management_server | {"endIncluding":"3.3.2"} | |
References
- http://www.securityfocus.com/bid/83269
- http://www.securitytracker.com/id/1035063
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00
- http://www.securityfocus.com/bid/83269
- http://www.securitytracker.com/id/1035063
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.