Vulnerability Details : CVE-2009-3109

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.

Published 2009-09-08 23:30:01

Updated 2013-02-07 04:21:40

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-3109

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-3109

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2009-3109

Products affected by CVE-2009-3109

Symantec » Altiris Deployment Solution » Version: 6.9
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
Matching versions
Symantec » Altiris Deployment Solution » Version: 6.9 Update SP2
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
Matching versions
Symantec » Altiris Deployment Solution » Version: 6.9 Update SP1
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
Matching versions