Symantec has released an update to address a directory traversal vulnerability in the Symantec Management Console.
Tracked as CVE-2017-15527, the security flaw has a CVSS score of 7.6 and has been assessed with a High severity rating, Symantec explains in an advisory published on Monday. The issue has been addressed in Symantec Management Console version ITMS 8.1 RU4 and all previous versions of the product are deemed vulnerable.
The directory traversal exploit is a type of attack that occurs when user-supplied input file names aren’t properly validated or sanitized from a security perspective. Thus, characters representing “traverse to parent directory” are allowed to pass through to the file APIs.
By utilizing such attacks, a malicious actor can leverage the affected application to gain unauthorized access to the file system, Symantec explains in its advisory.
According to Symantec, the issue was validated by the product team engineers and an update to the Symantec Management Console was released to address it.
“Note that the latest Symantec Management Console release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from this issue,” the company says.
To reduce risk of attack, Symantec recommends restricting access to administrative or management systems to authorized privileged users; restricting remote access to trusted/authorized systems only; and using the principle of least privilege, where possible.
All systems and applications should be kept updated, a multi-layered approach to security should be adopted, and network and host-based intrusion detection systems should be deployed to monitor network traffic for suspicious activity, the company notes.
The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) too has issued an alert (in German) on the Symantec Management Console directory traversal vulnerability, noting that the issue can be exploited remotely from a local network.