Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2013-5014

Published: 14/02/2014 Updated: 26/03/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Symantec

Vulnerability Summary

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 prior to 11.0.7405.1424 and 12.1 prior to 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x prior to 12.1.4023.4080, allows remote malicious users to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Product Search on Vulmon Subscribe to Product

symantec protection center 12.0

symantec endpoint protection manager 12.1.0

symantec endpoint protection manager 11.0

symantec endpoint protection manager 12.1.3

symantec endpoint protection manager 12.1.1

symantec endpoint protection manager 12.1.2

Exploits

Exploit DB: Symantec Endpoint Protection Manager Remote Command Execution
Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability Versions 110, 120, and 121 are affected ...
Exploit DB: Symantec Endpoint Protection Manager - Remote Command Execution (Metasploit)
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include REXML include Msf::Exploit::CmdStagerVBS include Msf::Exploit::Remote: ...
Exploit DB: Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution
import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-5014, CVE-2013-5015 Date: February 22, 2014 Vendor Homepage: wwwsymanteccom/endpoint-protection Version: 110, 120, 121 Tested On: Windows Server 2003, default SEPM inst ...

References

NVD-CWE-Otherhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00http://www.securityfocus.com/bid/65466https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txthttp://www.exploit-db.com/exploits/31853http://www.exploit-db.com/exploits/31917https://nvd.nist.govhttps://packetstormsecurity.com/files/125366/Symantec-Endpoint-Protection-Manager-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/31917/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook