Symantec warns of vulnerabilities in Endpoint Protection
Symantec recommends that users of its Endpoint Protection software, SEP, upgrade their systems. Three vulnerabilities have been identified in the package for centralized management of enterprise security software.
Two of the bugs, a cross-site scripting (XSS) vulnerability and a SQL injection vulnerability, are in SEP’s admin panel. The panel is accessed via a browser, which is used to log in to the SEP management server over a network or locally. If a user is logged in to the console, higher privileges can be obtained via XSS or SQL injection.
The other bug concerns a driver, SysPlant.sys. The bug in the driver makes it possible to bypass SEP’s security checks, which protect against running bad or untrusted code on PCs within the network on which SEP is active. If the driver stops working, malicious code can be executed.
Symantec recommends that you upgrade to version 12.1 RU6 MP4 of Symantec Endpoint Protection as soon as possible. The vulnerabilities have been fixed in this version. In addition, the company recommends limiting admin access to the SEP console as much as possible. It is not yet known whether the vulnerabilities have been abused.