CVE-2015-8798
moderate-risk
Published 2016-06-08
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Do I need to act?
~
2.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (6)
Symantec Data Center Security Server And Agents
Symantec Embedded Security Critical System Protection
Symantec Critical System Protection
Symantec Embedded Security Critical System Protection For Controllers And Devices
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/90884
Third Party Advisory
http://www.securityfocus.com/bid/90884
44
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
6/34 · Minimal
Exposure
13/34 · Low