Vulnerability Details : CVE-2012-0290
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
Products affected by CVE-2012-0290
- cpe:2.3:a:symantec:pcanywhere:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:11.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.6.7580:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5.539:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.6.65:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:pcanywhere:12.5.265:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.6:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:12.6:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.6:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:12.6:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0290
0.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0290
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2012-0290
-
http://www.securityfocus.com/bid/51862
Symantec pcAnywhere Session Closure Access Violation Vulnerability
-
http://secunia.com/advisories/48092
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72996
Symantec pcAnywhere unauthorized access CVE-2012-0290 Vulnerability Report
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
Symantec pcAnywhere Multiple Security UpdatesVendor Advisory
Jump to