A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
The vulnerability results from improper memory handling (CWE-119, CWE-120) in the axengine.exe component, leading to buffer overflow. An attacker can send appropriately crafted data over the network without needing to authenticate in the system. Successful exploitation of the vulnerability allows taking control of the process and executing code in its context.
An attacker gains the ability to execute arbitrary code (RCE) with SYSTEM account privileges, which means complete takeover of the attacked server, including access to all data and the ability to further spread within the network.
Apply patches available from the manufacturer according to the references. Additionally, it is recommended to restrict network access to the axengine.exe component using firewall rules so that it is accessible only from trusted IP addresses until the update is deployed.
Broadcom Symantec Server Management Suite version 7.9 and earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HBroadcom Symantec Server Management Suite
APPBroadcom≤ 7.9
Related vulnerabilities
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...
Bitnami Pgpool: domyślny dostęp bez uwierzytelnienia przez użytkownika 'repmgr'
Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5
Buffer overflow w Broadcom Symantec Messaging Gateway umożliwiający RCE jako root