That can result in the full compromise of a whole corporate network. In combination, they effectively allow an unauthenticated attacker the execution of arbitrary commands with 'NT Authority\SYSTEM' privileges on both the SEP Manager (SEPM) server, as well as on SEP clients running Windows.
In this post, we will take a closer look at some of the discovered vulnerabilities in detail and demonstrate their exploitation. Taking control of the manager can yield a takeover of the whole enterprise network. In a recent research project, Markus Wulftange of Code White discovered several critical vulnerabilities in the Symantec Endpoint Protection (SEP) suite 12.1, affecting versions prior to 12.1 RU6 MP1 (see SYM15-007).Īs with any centralized enterprise management solution, compromising a management server is quite attractive for an attacker, as it generally allows some kind of control over its managed clients.
0 kommentar(er)
