Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9226

CWE-2644 documents4 sources

Severity

7.2HIGH

EPSS

1.3%

top 20.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Symantec Critical System Protection Symantec Data Center Security

Timeline

PublishedJan 21

Latest updateMay 13

Description

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDbroadcom/symantec_critical_system_protection5.2.9

▶NVDsymantec/data_center_security6.0.0

🔴Vulnerability Details

GHSA

GHSA-gx32-cqxf-6wm7: The management server in Symantec Critical System Protection (SCSP) 5↗2022-05-13

▶

CVEList

CVE-2014-9226: The management server in Symantec Critical System Protection (SCSP) 5↗2015-01-21

▶

💥Exploits & PoCs

Exploit-DB

Symantec Data Center Security - Multiple Vulnerabilities↗2015-01-26

▶