CVE-2007-2375

CWE-401 — Memory Leak4 documents4 sources

Severity

10.0CRITICAL

EPSS

9.0%

top 7.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Enterprise Security Manager

Timeline

PublishedApr 30

Latest updateMay 1

Description

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/enterprise_security_manager5 versions+4

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cx6g-56cf-6737: The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which a↗2022-05-01

▶

CVEList

CVE-2007-2375: The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which a↗2007-04-30

▶

📋Vendor Advisories

Red Hat

older vsftpd authentication memory leak↗2006-06-28

▶