CVE-2017-15527 Information

Description

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, a type of attack that can occur when there is insufficient security validation or sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/101743

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.8

Base Severity

HIGH
