CRITICAL🇵🇱 Wersja polska

CVE-2024-23613

CVSS 10.0v3.1pub. 2024-01-26upd. 2024-11-21

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

🤖 AI Analysis
How it works

The vulnerability (CWE-119, CWE-120) lies in improper handling of UpdateComputer tokens during their parsing by the axengine.exe component. A specially crafted network request containing a malicious token causes a buffer overflow in the process memory. Lack of authentication and no need for user interaction (CVSS: AV:N/AC:L/PR:N/UI:N) means the attack can be performed remotely by any anonymous attacker.

Impact

Successful exploitation of the vulnerability allows an attacker to remotely execute arbitrary code (RCE) with SYSTEM account privileges, which means complete takeover of the attacked operating system, including access to data, configuration, and the ability to perform further lateral movement in the network.

Mitigation & patch

Patches available from the vendor should be applied according to references. Additionally, until the patch is deployed, it is recommended to restrict network access to the axengine.exe component using firewall and network segmentation rules, so that the service is not available to unauthorized hosts.

Who is affected

Broadcom Symantec Deployment Solution version 7.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Broadcom Symantec Deployment Solutions

    APP
    Broadcom
    7.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-1273CRITICAL9.8⚠ KEVten sam vendor

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2025-22248CRITICAL9.4PL ✓ten sam vendor

Bitnami Pgpool: domyślny dostęp bez uwierzytelnienia przez użytkownika 'repmgr'

CVE-2024-3596CRITICAL9.0PL ✓ten sam vendor

Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5

CVE-2024-23615CRITICAL10.0PL ✓ten sam vendor

Buffer overflow w Broadcom Symantec Messaging Gateway umożliwiający RCE jako root