CVE-2008-2291

CWE-2554 documents4 sources

Severity

7.5HIGH

EPSS

2.2%

top 15.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Altiris Deployment Solution

Timeline

PublishedMay 18

Latest updateMay 1

Description

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/altiris_deployment_solution6.9 — 6.9.176+1

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-8f24-2cm6-vqqv: axengine↗2022-05-01

▶

CVEList

CVE-2008-2291: axengine↗2008-05-18

▶

💥Exploits & PoCs

Exploit-DB

Intel Network Adapter Diagnostic Driver - IOCTL Handling↗2015-03-14

▶