Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

SEP Vulnerabiltiy

1. SEP Vulnerabiltiy

Recommend
IN
Posted Jan 30, 2014 11:30 AM

Reply Reply Privately
Our vulnerabiity scanning software has identified SYM14-001 CVE-2013-5010 as a vulnerability. If I undertand Symantec's response to this, we need to upgrade to 12.1 ru2 or higher. On all of the machines i've checked that were identified as having this vulnerability, all are running 12.1.2015.2015. What do i need to do to remediate this SEP vulnerability?

Thank you.
2. RE: SEP Vulnerabiltiy

Recommend
ℬrίαη
Posted Jan 30, 2014 11:33 AM

Reply Reply Privately
How are you detecting this vuln? Are you scanning the machines? You're right this was fixed in 12.1.2 so it shouldn't show up for those versions. Have you tried upgrading to the latest version, 12.1.4?

This vulnerability affected application and device control, do you use it?

Symantec Endpoint Protection Application/Device Control Policy Security Bypass Vulnerability

http://www.securelist.com/en/advisories/56345
3. RE: SEP Vulnerabiltiy

Recommend
Migration User
Posted Jan 30, 2014 11:33 AM

Reply Reply Privately
Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20140109_00
4. RE: SEP Vulnerabiltiy

Recommend
IN
Posted Jan 30, 2014 11:39 AM

Reply Reply Privately
We do not use that at this time. We may in the near future. We just had to upgrade over 5000 clients to 12.1.2015 and 2093. I'm very hesitant to tell them we need to do yet another upgrade so soon after the last.
5. RE: SEP Vulnerabiltiy

Recommend
ℬrίαη
Posted Jan 30, 2014 11:41 AM

Reply Reply Privately
This was fixed in 12.1.2 (the version you're on) How is this being detected again, via scan?
6. RE: SEP Vulnerabiltiy

Recommend
IN
Posted Jan 30, 2014 11:43 AM

Reply Reply Privately
It is. we finished our upgrade at the end of september and it's still picking it up.
7. RE: SEP Vulnerabiltiy

Recommend
ℬrίαη
Posted Jan 30, 2014 11:45 AM

Reply Reply Privately
So all clients are at 12.1.2?

Doesn't really make sense since it was fixed in this version.

I would suggest a support call to find out what to do next...
8. RE: SEP Vulnerabiltiy

Recommend
IN
Posted Jan 30, 2014 11:45 AM

Reply Reply Privately
we use McAfee Foundstone Vulnerability Management software
9. RE: SEP Vulnerabiltiy

Recommend
ℬrίαη
Posted Jan 30, 2014 11:46 AM

Reply Reply Privately
Hang on for a few minutes, let me scan a few of my clients...
10. RE: SEP Vulnerabiltiy

Recommend
Rafeeq
Posted Jan 30, 2014 11:55 AM

Reply Reply Privately
Please upgrade to 12.1.4 check this article from Symantec employee

https://www-secure.symantec.com/connect/forums/upgrade-sepm-and-clients-correct-new-vulnerabilities-cve-2013-5009-cve-2013-5010-cve-2013-501
11. RE: SEP Vulnerabiltiy

Recommend
ℬrίαη
Posted Jan 30, 2014 11:59 AM

Reply Reply Privately
I'm not seeing this vuln come up on our clients with 12.1.2 and higher. My suggestion would be to first verify the client is at at least this version and if still showing than contact support.

Ideally, if you can upgrade than you need to do so.

Endpoint Protection

SEP Vulnerabiltiy

INJan 30, 2014 11:30 AM

ℬrίαηJan 30, 2014 11:33 AM

Migration UserJan 30, 2014 11:33 AM

INJan 30, 2014 11:39 AM

ℬrίαηJan 30, 2014 11:41 AM

INJan 30, 2014 11:43 AM

ℬrίαηJan 30, 2014 11:45 AM

INJan 30, 2014 11:45 AM

ℬrίαηJan 30, 2014 11:46 AM

RafeeqJan 30, 2014 11:55 AM

ℬrίαηJan 30, 2014 11:59 AM

1. SEP Vulnerabiltiy

2. RE: SEP Vulnerabiltiy

3. RE: SEP Vulnerabiltiy

4. RE: SEP Vulnerabiltiy

5. RE: SEP Vulnerabiltiy

6. RE: SEP Vulnerabiltiy

7. RE: SEP Vulnerabiltiy

8. RE: SEP Vulnerabiltiy

9. RE: SEP Vulnerabiltiy

10. RE: SEP Vulnerabiltiy

11. RE: SEP Vulnerabiltiy