Vulnerability Details : CVE-2013-5014
Public exploit exists!
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2013-5014
- cpe:2.3:a:symantec:endpoint_protection_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection_manager:12.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection_manager:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection_manager:12.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:protection_center:12.0:*:*:*:small_business:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5014
81.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-5014
-
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
Disclosure Date: 2014-02-24First seen: 2020-04-26exploit/windows/antivirus/symantec_endpoint_manager_rceThis module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in t
CVSS scores for CVE-2013-5014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2013-5014
-
http://www.exploit-db.com/exploits/31917
Symantec Endpoint Protection Manager - Remote Command Execution (Metasploit) - Windows remote Exploit
-
http://www.securityfocus.com/bid/65466
Symantec Endpoint Protection Manager CVE-2013-5014 XML External Entity Injection Vulnerability
-
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00
Symantec Endpoint Protection Manager VulnerabilitiesVendor Advisory
-
http://www.exploit-db.com/exploits/31853
Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution - Windows remote Exploit
Jump to