CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3440

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile36.89th
PublishedJan 21, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Symantec Critical System Protection

= 5.2.9
πŸ“¦
Symantec

Data Center Security

= 6.0.0

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2015/May/39
πŸ”— http://www.securityfocus.com/bid/72091
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
πŸ”— http://seclists.org/fulldisclosure/2015/May/39
πŸ”— http://www.securityfocus.com/bid/72091
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00

Related Vulnerabilities

CVE-2019-183749.8

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnera...

CVE-2015-81578.8

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x bef...

CVE-2015-87988.0

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0...

CVE-2013-50167.6

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows re...