CVE-2013-5008 — Sensitive Information Exposure in Management Platform

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 88.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Management Platform

Timeline

PublishedOct 10

Latest updateMay 17

Description

The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/management_platform7.0, 7.1+1

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-vmv6-chfj-88gf: The agent and task-agent components in Symantec Management Platform 7↗2022-05-17

▶

CVEList

CVE-2013-5008: The agent and task-agent components in Symantec Management Platform 7↗2013-10-10

▶