CVE-2015-8800

moderate-risk
Published 2016-06-08

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

Do I need to act?

-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.3/10 High
NETWORK / LOW complexity

Affected Products (6)

Symantec Embedded Security Critical System Protection
Symantec Critical System Protection
Symantec Data Center Security Server And Agents
Symantec Embedded Security Critical System Protection For Controllers And Devices

Affected Vendors

Broadcom

References (4)

Third Party Advisory http://www.securityfocus.com/bid/90886
Vendor Advisory http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit...
Third Party Advisory http://www.securityfocus.com/bid/90886
Vendor Advisory http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit...
41
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 13/34 · Low