CVE-2014-3440

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.0CRITICAL

EPSS

0.8%

top 25.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Critical System Protection Symantec Data Center Security

Timeline

PublishedJan 21

Latest updateMay 13

Description

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶NVDbroadcom/symantec_critical_system_protection5.2.9

▶NVDsymantec/data_center_security6.0.0

🔴Vulnerability Details

GHSA

GHSA-h4qp-ph3r-9hj4: The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5↗2022-05-13

▶

CVEList

CVE-2014-3440: The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5↗2015-01-21

▶