Vulnerability CVE-2012-0290


Published: 2012-02-06   Modified: 2012-02-13

Description:
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Altiris client management suite pcanywhere solution 
Symantec -> Altiris deployment solution remote pcanywhere solution 
Symantec -> Pcanywhere 

 References:
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51862
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/72996

Copyright 2022, cxsecurity.com

 

Back to Top