Endpoint Protection Small Business Edition

  • 1.  SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 05:50 PM

    Since this product is supported until July 5th 2018 will these security vulnerabilities be addressed since there is no update beyond RU5?

    CVE-2015-1486 - The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

    CVE-2015-1487 - The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

    CVE-2015-1488 - An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

    CVE-2015-1489 - The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

    CVE-2015-1490 - Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

    CVE-2015-1491 - SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

    CVE-2015-1492 - Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.

     

     



  • 2.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 05:53 PM
    They will not be addressed. It's best you move to the SEP.cloud on prem or cloud version. I believe there are IPS signatures and a few other workarounds (firewall rules) you can implement though if needed.


  • 3.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 06:08 PM

    Thanks Brian, but from what I have read in the forums so far, it does not encourage me to move to a partially working cloud platform that does not report client status correctly, if at all. I feel like I am back being a beta tester again as I was with this product, and once they worked all the bugs out they kill off the product and force us all to beta test their cloud product.

    I am not sure what you mean by sep.cloud on premise, is that not the same vulnerable console found in SBE version?


    Thanks



  • 4.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 06:13 PM
    It's a completely different product so the vulnerabilities that are found in SBE don't exist in the cloud version as far as I know.


  • 5.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 07:09 PM

    Thanks Brian, I will check it out. I was not aware the cloud on premise console was different from the SBE version; the EOL email led me to believe something different, probably a wrong interpretation on my part.

    But I did go here and sure seems to me the on premise is the same console as SBE

    https://support.symantec.com/en_US/article.TECH215058.html

    I guess the part when they state this they don't really mean it?

    "During the Limited Support phase we will provide code modifications or Bug Fixes to address Problems where there has been data loss, production systems are inoperable, significant security vulnerabilities are identified, or there are other significant product defects."

    12.1 has end of limited support listed as November 4th 2017.

    Not trying to be argumentative here just trying to get answers for my bosses.

    Thanks.

     

     

     

     



  • 6.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 14, 2015 07:26 PM

    Being that they specifically mentioned vulns and bugs that may well be the case that they will patch it.

    I was under the impression 12.1.5 was the last and final version to be released for SBE.



  • 7.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Sep 15, 2015 07:21 PM

    edited:duplicate post

     



  • 8.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Nov 06, 2015 12:58 PM

    They are fixed in SEPM EE....different product than SBE.



  • 9.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Nov 12, 2015 02:46 AM

    I also can't understand your product policy! We have used SEP SBE on premise for more than 4 years and were satisfied with the solution. Because of some legal regulations we are not allowed (and don't want) to use Cloud services outside the EU. So on premise was a critical factor in the purchasing decision. Since you announced the EOL of SEP SBE you don't provide any security fixes or support for Windows 10. Two months before you announced the EOL we renewed our subscription for another 3 years. Since 12.1.5 we have had many security-relevant bugs in the manager and the client and NO fix for them. I'm absolutely not amused to pay maintenance and support for nothing! Could you please help me by providing a solution to operate a secure Symantec on premise installation?



  • 10.  RE: SEPM - CVE-2015-1486, 1489, 1492



  • 11.  RE: SEPM - CVE-2015-1486, 1489, 1492

    Posted Nov 23, 2015 04:11 AM

    We are talking about the SEP SBE and not the EE edition. We need a solution for SBE!!!