CVE-2013-5011 โ€” Path Traversal in Endpoint Protection

CWE-22 โ€” Path Traversal5 documents5 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 85.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection
Timeline
PublishedJan 10
Latest updateMay 17

Description

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDsymantec/endpoint_protection11.0.7.3+12

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-px7w-6p2f-6x8x: Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11โ†—2022-05-17
โ–ถ
CVEList
CVE-2013-5011: Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11โ†—2014-01-10
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
bind: named crash with an assertion failure on parsing malformed rdataโ†—2013-07-26
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdataโ†—2013-07-26
โ–ถ
CVE-2013-5011 โ€” Path Traversal in Symantec | cvebase