Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3439 — Endpoint Protection Manager vulnerability

4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

12.4%

top 6.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Endpoint Protection Manager

Timeline

PublishedNov 7

Latest updateMay 14

Description

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

▶NVDsymantec/endpoint_protection_manager12.1.4+4

🔴Vulnerability Details

GHSA

GHSA-q2vv-3q42-xrpx: ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12↗2022-05-14

▶

CVEList

CVE-2014-3439: ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12↗2014-11-07

▶

💥Exploits & PoCs

Exploit-DB

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities↗2014-11-06

▶