CVE-2014-7288
Published 2015-02-01
Priority: P2 | 61 | critical | 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 8.12% (94.1th percentile)
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec | encryption_management_server | <= 3.3.2 | — |
| symantec | pgp_universal_server | <= 3.3.2 | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /omc/uploadBackup.event for filenames containing pipe characters (|) or backtick-enclosed commands, which indicate command injection attempts via the filename parameter.
- The user-supplied 'filename' value is passed unsanitized to /usr/bin/pgpbackup via fork(); alert on process executions of pgpbackup with arguments containing shell metacharacters such as pipe (|) or backticks.
- Watch for unexpected child processes spawned by pgpsysconf or pgpbackup (e.g., ping, sh, or package installation commands), as the vulnerability can be leveraged to gain local root via the setuid binary pgpsysconf.
- Only remote authenticated administrators can exploit this vulnerability; unauthenticated access is not sufficient.
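The three monitoring points above can be combined into one triage pass. The following is an added example, not a rule from this page's sources or from Symantec. It assumes HTTP and process-execution telemetry has already been parsed into records; the field names, the allowlist of expected child processes, and the sample events are all constructed.

```python
import os
import re

# Metacharacters named on this page: pipe and backtick.
SHELL_META = re.compile(r"[|`]")
UPLOAD_PATH = "/omc/uploadBackup.event"
WATCHED_PARENTS = {"pgpsysconf", "pgpbackup"}
# Assumption: children considered normal for these parents; baseline per site.
EXPECTED_CHILDREN = {"pgpbackup"}

def check_http(event):
    """Flag backup uploads whose filename carries shell metacharacters."""
    if event["method"] != "POST" or event["path"].split("?", 1)[0] != UPLOAD_PATH:
        return None
    if SHELL_META.search(event.get("filename", "")):
        return "upload filename contains shell metacharacter"
    return None

def check_exec(event):
    """Flag suspicious pgpbackup arguments or unexpected child processes."""
    exe = os.path.basename(event["exe"])
    parent = os.path.basename(event["parent"])
    if exe == "pgpbackup" and any(SHELL_META.search(a) for a in event["argv"][1:]):
        return "pgpbackup argument contains shell metacharacter"
    if parent in WATCHED_PARENTS and exe not in EXPECTED_CHILDREN:
        return f"unexpected child of {parent}: {exe}"
    return None

def triage(events):
    """Return (event id, reason) for every event that matches a rule."""
    alerts = []
    for ev in events:
        reason = (check_http if ev["kind"] == "http" else check_exec)(ev)
        if reason:
            alerts.append((ev["id"], reason))
    return alerts

# Constructed sample events (not captured from a real system); argv layout is illustrative.
SAMPLE = [
    {"id": 1, "kind": "http", "method": "POST", "path": UPLOAD_PATH, "filename": "backup.tar.gz.pgp"},
    {"id": 2, "kind": "http", "method": "POST", "path": UPLOAD_PATH, "filename": "backup.tar.gz|<command>"},
    {"id": 3, "kind": "exec", "parent": "pgpsysconf", "exe": "/usr/bin/pgpbackup", "argv": ["pgpbackup", "b.tar.gz`<command>`"]},
    {"id": 4, "kind": "exec", "parent": "/usr/bin/pgpbackup", "exe": "/bin/ping", "argv": ["ping", "192.0.2.1"]},
    {"id": 5, "kind": "exec", "parent": "pgpsysconf", "exe": "/usr/bin/pgpbackup", "argv": ["pgpbackup", "backup.tar.gz.pgp"]},
    {"id": 6, "kind": "exec", "parent": "/usr/sbin/sshd", "exe": "/bin/sh", "argv": ["sh"]},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because exploitation requires an authenticated administrator session, correlating any alert with the administrator account and source address behind the request helps separate misuse from a legitimate restore.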
References
- http://www.exploit-db.com/exploits/35949
- http://www.osvdb.org/117766
- http://www.securityfocus.com/bid/72308
- http://www.securitytracker.com/id/1031673
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100763