Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3479

CWE-2644 documents4 sources
Severity
6.8MEDIUM
EPSS
0.5%
top 34.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Pcanywhere
Timeline
PublishedJan 25
Latest updateMay 14

Description

Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/pcanywhere4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-cwg9-p6fm-4cj6: Symantec pcAnywhere 122022-05-14
CVEList
CVE-2011-3479: Symantec pcAnywhere 122012-01-25

💥Exploits & PoCs

1
Exploit-DB
Symantec pcAnywhere - Insecure File Permissions Privilege Escalation2012-05-02
CVE-2011-3479 (MEDIUM CVSS 6.8) | Symantec pcAnywhere 12.5.x through | cvebase.io