Just raising awareness of these known vulnerabilities in all previous releases of the 12.1 Symantec Endpoint Protection Manager (SEPM) and SEP client:
Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Issues (SYM15-007)
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00...
The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to multiple vulnerabilities including SQL Injection, authentication bypass, possible path traversal and the potential for arbitrary file read/write. SEP clients are susceptible to a binary planting vulnerability that could result in arbitrary code running with system privileges on a client.
....Symantec product engineers verified these issues. SEPM 12.1-RU6-MP1 contains updates that address these issues. Customers should implement the mitigations described below until the available update can be installed to address these issues. Symantec is not aware of exploitation of or adverse customer impact from this issue.
....
CVE
BID
Description
CVE-2015-1486
BID 76074
SEPM Authentication Bypass
CVE-2015-1487
BID 76094
SEPM Arbitrary File Write
CVE-2015-1488
BID 76077
SEPM Arbitrary File Read
CVE-2015-1489
BID 76078
SEPM Privilege Escalation
CVE-2015-1490
BID 76081
SEPM Path Traversal
CVE-2015-1491
BID 76079
SEPM SQL Injection
CVE-2015-1492
BID 76083
SEP Client Binary Planting
Please take measures to upgrade your environment. Mitigations are also available if it is not possible to upgrade immediately. Also, ensure that SEP's IPS component is installed and enabled. The following new IPS signatures will offer protection against attempted exploits of the vulnerabilities:
- 28651 (Web Attack: SEPM SQL Injection)
- 28650 (Web Attack: SEPM Directory Traversal)
- 28649 (Web Attack: SEPM unauthenticated password reset)
With thanks and best regards,
Mick