CVE-2012-0295Code Injection in Endpoint Protection

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
CNA5.8
EPSS
5.2%
top 10.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection
Timeline
PublishedMay 23
Latest updateMay 4

Description

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/endpoint_protection12.1, 12.1.1000, 12.1.671+2

🔴Vulnerability Details

2
GHSA
GHSA-3x43-9cxq-4fwr: The Manager service in the management console in Symantec Endpoint Protection (SEP) 122022-05-04
CVEList
CVE-2012-0295: The Manager service in the management console in Symantec Endpoint Protection (SEP) 122012-05-23
CVE-2012-0295 — Code Injection in Symantec | cvebase