Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0292

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.0MEDIUM

EPSS

2.1%

top 15.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Pcanywhere Symantec Altiris Client Management Suite Pcanywhere Solution Symantec Altiris Climentent Manage Suite Pcanywhere Solution +2 more

Timeline

PublishedMar 8

Latest updateMay 4

Description

The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDsymantec/altiris_client_management_suite_pcanywhere_solution7.0

▶NVDsymantec/altiris_it_management_suite_pcanywhere_solution7.0, 7.1+1

▶NVDsymantec/altiris_deployment_solution_remote_pcanywhere_solution7.1

▶NVDsymantec/altiris_climentent_manage_suite_pcanywhere_solution7.1

▶NVDsymantec/pcanywhere12.5+15

🔴Vulnerability Details

GHSA

GHSA-444q-7pcf-frfw: The awhost32 service in Symantec pcAnywhere through 12↗2022-05-04

▶

CVEList

CVE-2012-0292: The awhost32 service in Symantec pcAnywhere through 12↗2012-03-08

▶

💥Exploits & PoCs

Exploit-DB

pcAnywhere 12.5.0 build 463 - Denial of Service↗2012-02-17

▶