CVE-2009-3109

3 documents3 sources
Severity
9.3CRITICAL
EPSS
0.4%
top 40.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Altiris Deployment Solution
Timeline
PublishedSep 8
Latest updateMay 2

Description

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: www.securityfocus.com ā†—Patch: www.securityfocus.com ā†—

šŸ”“Vulnerability Details

2
GHSA
GHSA-9272-j67v-qf39: Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6ā†—2022-05-02
ā–¶
CVEList
CVE-2009-3109: Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6ā†—2009-09-08
ā–¶
CVE-2009-3109 (CRITICAL CVSS 9.3) | Unspecified vulnerability in the AC | cvebase.io