Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-7288

CWE-2644 documents4 sources

Severity

9.0CRITICAL

EPSS

11.2%

top 6.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Encryption Management Server Symantec PGP Universal Server

Timeline

PublishedFeb 1

Latest updateMay 17

Description

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/encryption_management_server3.3.2

▶NVDsymantec/pgp_universal_server3.3.2

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-3m8f-763m-9wm9: Symantec PGP Universal Server and Encryption Management Server before 3↗2022-05-17

▶

CVEList

CVE-2014-7288: Symantec PGP Universal Server and Encryption Management Server before 3↗2015-02-01

▶

💥Exploits & PoCs

Exploit-DB

Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection↗2015-01-30

▶