CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4349
https://notcve.org/view.php?id=CVE-2012-4349
Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. Vulnerabilidad no especificada en Symantec Network Access Control permite a usuarios locales ganar privilegios o causar una denegación de servicio a través de vectores desconocidos. • http://www.securityfocus.com/bid/56847 http://www.securitytracker.com/id?1027864 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 2CVE-2012-0289 – Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0289
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. Desbordamiento de búfer en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.710x y Symantec Network Access Control (SNAC) v11.0.600x hasta v11.0.710x, permite a usuarios locales obtener privilegios, y modificar los datos o causar una denegación de servicio, a través de un script malicioso. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default on TCP port 8443 (https). The SemSvc service exposes a servlet called 'AgentServlet" which allows remote users to activate certain tasks without prior authentication. • https://www.exploit-db.com/exploits/18916 http://www.securityfocus.com/bid/51795 http://www.securitytracker.com/id?1027093 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4981
https://notcve.org/view.php?id=CVE-2006-4981
Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs). Symantec Sygate NAC permite a atacantes físicamente próximos evitar los métodos de control y unirse a la red local seleccionando una dirección MAC falsificada asociada con una regla de excepción que (1) permite todos los dispositivos no Windows o (2) pone en la lista blanca (whitelist) cierto grupo de Identificadores Organizacionales Únicos (OUIs). • http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf http://www.securityfocus.com/archive/1/446421/100/0/threaded •