CVE-2015-8801

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

Published: Jul 1, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-8801
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.9
AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.3
AV:L/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-284
CWE-254

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
symantec / endpoint_protection_manager	-	12.1.6.x

http://www.securityfocus.com/bid/91446
http://www.securitytracker.com/id/1036196
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Vulnerability Database

289,784

CVE-2015-8801