Short Name |
APP:SYMC:SCAN-ENG-AUTH-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Scan Engine Authentication Bypass |
Release Date |
2013/01/07 |
Update Number |
2222 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Symantec Scan Engine product. A successful attack can lead to authentication bypass and unauthorized information disclosure.
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.