This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.ĭeploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. Keep all operating systems and applications updated with the latest vendor patches.įollow a multi-layered approach to security. Run under the principle of least privilege where possible to limit the impact of exploit by threats. Restrict remote access, if required, to trusted/authorized systems only. Restrict access to administration or management systems to privileged users. Updates will be available through customers' normal support/download locations.Īs part of normal best practices, Symantec strongly recommends: Symantec knows of no exploitation of or adverse customer impact from these issues. Symantec engineers fixed the issues in Symantec Endpoint Protection 12.1 RU1. Symantec product engineers verified the reported issues. Depending on the nature of the link it is possible for the URL to execute arbitrary html requests and scripts in the context of the targeted user Because both cross-site scripting and cross-site request forgery are trust exploitations, they generally require enticing a previously authenticated user to click on a link in a context such as a website or in an email.Ī successful exploitation of these issues is possible once a properly authenticated user clicks on a specially crafted link. Symantec was notified of a cross-site scripting and cross-site request forgery vulnerability within the Symantec Endpoint Protection Manager 12.1. The new assessment shows that Symantec Endpoint Protection 12.1 is also impacted. This advisory relates to SYM11-009 which accurately addressed the vulnerabilities in versions listed at the time. Symantec Endpoint Protection 12.1 SEP 12.1 RU1 () #DOWNLOAD SYMANTEC ENDPOINT PROTECTION MANAGER CONSOLE 12.1 CODE#Symantec Endpoint Protection Manager 12.1 web console is susceptible to cross-site scripting and cross-site request forgery that could potentially lead to arbitrary code execution. CVSS V2 Vector AV: AV:N/AC:M/Au:S/C:P/I:P/A:P
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |