A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
The vulnerability (CWE-119, CWE-120) lies in improper handling of UpdateComputer tokens during their parsing by the axengine.exe component. A specially crafted network request containing a malicious token causes a buffer overflow in the process memory. Lack of authentication and no need for user interaction (CVSS: AV:N/AC:L/PR:N/UI:N) means the attack can be performed remotely by any anonymous attacker.
Successful exploitation of the vulnerability allows an attacker to remotely execute arbitrary code (RCE) with SYSTEM account privileges, which means complete takeover of the attacked operating system, including access to data, configuration, and the ability to perform further lateral movement in the network.
Patches available from the vendor should be applied according to references. Additionally, until the patch is deployed, it is recommended to restrict network access to the axengine.exe component using firewall and network segmentation rules, so that the service is not available to unauthorized hosts.
Broadcom Symantec Deployment Solution version 7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HBroadcom Symantec Deployment Solutions
APPBroadcom7.9
Related vulnerabilities
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...
Bitnami Pgpool: domyślny dostęp bez uwierzytelnienia przez użytkownika 'repmgr'
Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5
Buffer overflow w Broadcom Symantec Messaging Gateway umożliwiający RCE jako root