Symantec Management Console Directory Traversal (CVE-2017-15527)(SYM17-013)


Article ID: 170599



Patch Management Solution for Windows


The Symantec Management Console can be susceptible to a directory traversal exploit. This type of attack can occur when user-supplied file names are insufficiently validated or sanitized, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of the attack is to use an affected application to gain unauthorized access to the file system.

Note: This vulnerability applies only to the Deployment Solution (DS), Software Management Framework (SMF) and Patch components.
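
The validation step this class of bug is missing, as an added example (not Symantec's code or its fix): a user-supplied file name is resolved against a fixed base directory and rejected if the result falls outside it. The base directory, function names and sample file names are constructed for illustration; `ntpath` applies Windows path rules on any operating system.

```python
import ntpath  # Windows path rules, independent of the OS running this example

# Constructed base directory for illustration; not a path from the product.
BASE_DIR = r"C:\ProgramData\Example\Packages"

def resolve_under(base_dir: str, user_name: str) -> str:
    """Return the normalized path of user_name inside base_dir.

    Raises ValueError if the name would resolve outside base_dir.
    """
    # NUL can truncate the name in native APIs; ':' introduces a drive
    # letter or an NTFS alternate data stream. Neither belongs in a name.
    if "\x00" in user_name or ":" in user_name:
        raise ValueError("illegal character in file name")

    base = ntpath.normpath(base_dir)
    # join() lets a rooted or UNC name replace the base, and normpath()
    # collapses '..' and converts '/' to '\', so the comparison below sees
    # the path the file API would actually open.
    candidate = ntpath.normpath(ntpath.join(base, user_name))

    # Compare case-insensitively and require a separator after the base,
    # so 'Packages_old' is not accepted as being inside 'Packages'.
    prefix = ntpath.normcase(base).rstrip("\\") + "\\"
    if not ntpath.normcase(candidate).startswith(prefix):
        raise ValueError("file name resolves outside the base directory")
    return candidate

def is_contained(user_name: str, base_dir: str = BASE_DIR) -> bool:
    """Boolean wrapper around resolve_under() for filtering or logging."""
    try:
        resolve_under(base_dir, user_name)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample names: one legitimate, the rest traversal variants.
    for name in [r"updates\kb1.cab", r"..\..\Windows\win.ini",
                 "updates/../../secrets.txt", r"..\Packages_old\x.cab",
                 r"\Windows\win.ini", r"\\host\share\x.cab", r"D:\x.cab"]:
        print(f"{name!r:32} contained={is_contained(name)}")
```

The check is lexical: apply it to the fully decoded name at the point where the file API is called, and resolve the real path first if junctions or symbolic links can exist under the base directory.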





ITMS 7.6.x, 8.0.x, 8.1.x



This issue was validated by the product team engineers. The following Symantec Management Console updates address the issue:
ITMS 8.1 RU4 - available. ref DOC10690

ITMS 8.0 post-HF6 - Released
Fixes for PATCH component: see Patch 8.0 Cumulative HF6 v5 -- INFO4241
Fixes for SMF component: see SMF 8.0 Cumulative HF6 v2 -- INFO4241
Fixes for DS component: see SMF 8.0 Cumulative HF6 v5 -- INFO4241


ITMS 7.6 post-HF7 - Released
Fixes for PATCH component: see Patch 7.6 Cumulative HF7 v6 -- INFO3457
Fixes for SMF component: see SMA_SMF_SMP_7.6_POST_HF7_P2P 7.6 Cumulative HF7 v14 -- INFO3459
Fixes for DS component: see DS 7.6 Cumulative HF7 v9 -- INFO3459



Symantec recommends the following measures to reduce risk of attack:

    Restrict access to administrative or management systems to authorized privileged users.
    Restrict remote access to trusted/authorized systems only.
    Run under the principle of least privilege, where possible, to limit the impact of a potential exploit.
    Keep all operating systems and applications current with vendor patches.
    Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection against both inbound and outbound threats.
    Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.