Arbitrary Command Execution via Log File Upload in Symantec Critical System Protection and Symantec Data Center Security

Arbitrary Command Execution via Log File Upload in Symantec Critical System Protection and Symantec Data Center Security

CVE-2014-3440 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

Learn more about our Cis Benchmark Audit For Server Software.