cvelistv5 - cve-2015-8800

CVE-2015-8800 (GCVE-0-2015-8800)

Vulnerability from cvelistv5 – Published: 2016-06-08 14:00 – Updated: 2024-08-06 08:29

Summary

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

Severity ?

No CVSS data available.

CWE

Assigner

symantec

References

URL

Tags

	http://www.symantec.com/security_response/securit…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/90886	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
          },
          {
            "name": "90886",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-08T12:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
        },
        {
          "name": "90886",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2015-8800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
            },
            {
              "name": "90886",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2015-8800",
    "datePublished": "2016-06-08T14:00:00",
    "dateReserved": "2016-02-02T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4376B4E1-D8F4-4637-A884-B67DB2856976\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"250A6EC4-E131-4507-A79E-9D56F72B73B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"763B119A-55D0-46B1-89A7-2FB2A7499CFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"DAE82126-DDBC-4DD5-A369-CFF47BC0B9C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4D3DC94-D0B9-474D-992E-8985A1D590FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63D28DA7-8880-4A84-8FCB-EE6D8F9964C0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.\"}, {\"lang\": \"es\", \"value\": \"Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versi\\u00f3n 6.6 MP1 permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\\u00f3n de argumento aprovechando ciertos accesos de canalizaci\\u00f3n nombrada.\"}]",
      "id": "CVE-2015-8800",
      "lastModified": "2024-11-21T02:39:13.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:P\", \"baseScore\": 4.9, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-06-08T14:59:11.233",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/90886\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00\", \"source\": \"secure@symantec.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/90886\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-8800\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2016-06-08T14:59:11.233\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.\"},{\"lang\":\"es\",\"value\":\"Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versi\u00f3n 6.6 MP1 permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\u00f3n de argumento aprovechando ciertos accesos de canalizaci\u00f3n nombrada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:P\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4376B4E1-D8F4-4637-A884-B67DB2856976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"250A6EC4-E131-4507-A79E-9D56F72B73B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"763B119A-55D0-46B1-89A7-2FB2A7499CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"DAE82126-DDBC-4DD5-A369-CFF47BC0B9C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4D3DC94-D0B9-474D-992E-8985A1D590FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D28DA7-8880-4A84-8FCB-EE6D8F9964C0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/90886\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/90886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2016-AVI-194

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Symantec. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Critical System Protection (SCSP) versions antérieures à 5.2.9 MP6
Symantec	N/A	Symantec Data Center Security: Server Advanced Server (DCS:SA) versions antérieures à 6.5 MP1
Symantec	N/A	Symantec Data Center Security: Server Advanced Server (DCS:SA) versions 6.6 antérieures à 6.6 MP1
Symantec	N/A	Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) versions antérieures à 6.5.0 MP1
Symantec	N/A	Symantec Embedded Security: Critical System Protection (SES:CSP) versions antérieures à 1.0 MP5

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM16-009 du 07 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Critical System Protection (SCSP) versions ant\u00e9rieures \u00e0 5.2.9 MP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Center Security: Server Advanced Server (DCS:SA) versions ant\u00e9rieures \u00e0 6.5 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Center Security: Server Advanced Server (DCS:SA) versions 6.6 ant\u00e9rieures \u00e0 6.6 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) versions ant\u00e9rieures \u00e0 6.5.0 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Embedded Security: Critical System Protection (SES:CSP) versions ant\u00e9rieures \u00e0 1.0 MP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8799"
    },
    {
      "name": "CVE-2015-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8798"
    },
    {
      "name": "CVE-2015-8800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8800"
    },
    {
      "name": "CVE-2015-8157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-194",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Symantec\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM16-009 du 07 juin 2016",
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
    }
  ]
}

CERTFR-2016-AVI-194

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Critical System Protection (SCSP) versions antérieures à 5.2.9 MP6
Symantec	N/A	Symantec Data Center Security: Server Advanced Server (DCS:SA) versions antérieures à 6.5 MP1
Symantec	N/A	Symantec Data Center Security: Server Advanced Server (DCS:SA) versions 6.6 antérieures à 6.6 MP1
Symantec	N/A	Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) versions antérieures à 6.5.0 MP1
Symantec	N/A	Symantec Embedded Security: Critical System Protection (SES:CSP) versions antérieures à 1.0 MP5

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM16-009 du 07 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Critical System Protection (SCSP) versions ant\u00e9rieures \u00e0 5.2.9 MP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Center Security: Server Advanced Server (DCS:SA) versions ant\u00e9rieures \u00e0 6.5 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Center Security: Server Advanced Server (DCS:SA) versions 6.6 ant\u00e9rieures \u00e0 6.6 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) versions ant\u00e9rieures \u00e0 6.5.0 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Embedded Security: Critical System Protection (SES:CSP) versions ant\u00e9rieures \u00e0 1.0 MP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8799"
    },
    {
      "name": "CVE-2015-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8798"
    },
    {
      "name": "CVE-2015-8800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8800"
    },
    {
      "name": "CVE-2015-8157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-194",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Symantec\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM16-009 du 07 juin 2016",
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
    }
  ]
}

CNVD-2016-03904

Vulnerability from cnvd - Published: 2016-06-12

Title

Symantec Embedded Security:Critical System Protection和Symantec Data Center Security: Server Advanced安全绕过漏洞

Description

Symantec Embedded Security:Critical System Protection（SES:CSP）和Symantec Data Center Security: Server Advanced（SDCS:SA）都是美国赛门铁克（Symantec）公司的安全产品。SES:CSP是一款轻量级的入侵检测和防御系统客户端产品；SDCS:SA为软件定义数据中心的物理和虚拟服务器提供了安全防护。 SES:CSP和SDCS:SA中存在安全漏洞。攻击者可利用该漏洞以‘命名管道写入/读取权限’注入任意参数，绕过代理中的安全保护机制。

Severity

中

Patch Name

Symantec Embedded Security:Critical System Protection和Symantec Data Center Security: Server Advanced安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00

Reference

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00

Impacted products

Name
['Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x<1.0 MP5', 'Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0<MP1', 'Symantec Critical System Protection (SCSP) <5.2.9 MP6', 'Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.x<6.5 MP1', 'Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.6<MP1', 'Symantec Data Center Security: Server Advanced Server and Agents (DCS:SA) <6.6 MP1']

Name

['Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x<1.0 MP5', 'Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0<MP1', 'Symantec Critical System Protection (SCSP) <5.2.9 MP6', 'Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.x<6.5 MP1', 'Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.6<MP1', 'Symantec Data Center Security: Server Advanced Server and Agents (DCS:SA) <6.6 MP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8800"
    }
  },
  "description": "Symantec Embedded Security:Critical System Protection\uff08SES:CSP\uff09\u548cSymantec Data Center Security: Server Advanced\uff08SDCS:SA\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u4ea7\u54c1\u3002SES:CSP\u662f\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u9632\u5fa1\u7cfb\u7edf\u5ba2\u6237\u7aef\u4ea7\u54c1\uff1bSDCS:SA\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u9632\u62a4\u3002\r\n\r\nSES:CSP\u548cSDCS:SA\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u2018\u547d\u540d\u7ba1\u9053\u5199\u5165/\u8bfb\u53d6\u6743\u9650\u2019\u6ce8\u5165\u4efb\u610f\u53c2\u6570\uff0c\u7ed5\u8fc7\u4ee3\u7406\u4e2d\u7684\u5b89\u5168\u4fdd\u62a4\u673a\u5236\u3002",
  "discovererName": "Matthias Kaiser and Markus Wulftange with Code White",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03904",
  "openTime": "2016-06-12",
  "patchDescription": "Symantec Embedded Security:Critical System Protection\uff08SES:CSP\uff09\u548cSymantec Data Center Security: Server Advanced\uff08SDCS:SA\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u4ea7\u54c1\u3002SES:CSP\u662f\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u9632\u5fa1\u7cfb\u7edf\u5ba2\u6237\u7aef\u4ea7\u54c1\uff1bSDCS:SA\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u9632\u62a4\u3002\r\n\r\nSES:CSP\u548cSDCS:SA\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u2018\u547d\u540d\u7ba1\u9053\u5199\u5165/\u8bfb\u53d6\u6743\u9650\u2019\u6ce8\u5165\u4efb\u610f\u53c2\u6570\uff0c\u7ed5\u8fc7\u4ee3\u7406\u4e2d\u7684\u5b89\u5168\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Embedded Security:Critical System Protection\u548cSymantec Data Center Security: Server Advanced\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x\u003c1.0 MP5",
      "Symantec Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP)  6.5.0\u003cMP1",
      "Symantec Critical System Protection (SCSP)  \u003c5.2.9 MP6",
      "Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.x\u003c6.5 MP1",
      "Symantec Data Center Security: Server Advanced Server (DCS:SA) 6.6\u003cMP1",
      "Symantec  Data Center Security: Server Advanced Server and Agents (DCS:SA) \u003c6.6 MP1"
    ]
  },
  "referenceLink": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-08",
  "title": "Symantec Embedded Security:Critical System Protection\u548cSymantec Data Center Security: Server Advanced\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-JGV7-7943-GRR9

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Severity ?

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-08T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
  "id": "GHSA-jgv7-7943-grr9",
  "modified": "2022-05-13T01:06:08Z",
  "published": "2022-05-13T01:06:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8800"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/90886"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2015-8800

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-8800

Aliases

CVE-2015-8800

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8800",
    "description": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
    "id": "GSD-2015-8800"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8800"
      ],
      "details": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
      "id": "GSD-2015-8800",
      "modified": "2023-12-13T01:20:03.730324Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@symantec.com",
        "ID": "CVE-2015-8800",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
          },
          {
            "name": "90886",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/90886"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2015-8800"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "90886",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/90886"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-09-09T17:43Z",
      "publishedDate": "2016-06-08T14:59Z"
    }
  }
}

FKIE_CVE-2015-8800

Vulnerability from fkie_nvd - Published: 2016-06-08 14:59 - Updated: 2025-04-12 10:46

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Summary

References

URL	Tags
secure@symantec.com	http://www.securityfocus.com/bid/90886	Third Party Advisory, VDB Entry
secure@symantec.com	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/90886	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00	Vendor Advisory

Impacted products

Vendor	Product	Version
broadcom	symantec_critical_system_protection	5.2.9
broadcom	symantec_data_center_security_server	6.5.0
broadcom	symantec_data_center_security_server	6.6.0
broadcom	symantec_data_center_security_server_and_agents	6.6.0
broadcom	symantec_embedded_security_critical_system_protection	1.0
broadcom	symantec_embedded_security_critical_system_protection_for_controllers_and_devices	6.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4376B4E1-D8F4-4637-A884-B67DB2856976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "250A6EC4-E131-4507-A79E-9D56F72B73B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "763B119A-55D0-46B1-89A7-2FB2A7499CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DAE82126-DDBC-4DD5-A369-CFF47BC0B9C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D3DC94-D0B9-474D-992E-8985A1D590FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D28DA7-8880-4A84-8FCB-EE6D8F9964C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access."
    },
    {
      "lang": "es",
      "value": "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versi\u00f3n 6.6 MP1 permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\u00f3n de argumento aprovechando ciertos accesos de canalizaci\u00f3n nombrada."
    }
  ],
  "id": "CVE-2015-8800",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-08T14:59:11.233",
  "references": [
    {
      "source": "secure@symantec.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/90886"
    },
    {
      "source": "secure@symantec.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/90886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160607_00"
    }
  ],
  "sourceIdentifier": "secure@symantec.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8800 (GCVE-0-2015-8800)

CERTFR-2016-AVI-194

Solution

CERTFR-2016-AVI-194

Solution

CNVD-2016-03904

GHSA-JGV7-7943-GRR9

GSD-2015-8800

FKIE_CVE-2015-8800

Tags

Sightings

Nomenclature