Symantec updates Management console product
Symantec, the global giant in cyber-security, had recently updated its Console product so that it can patch a vulnerability which is believed to leave users susceptible to a directory traversal exploit.
The exploit can be leveraged when there is insufficient security validation of user-supplied input file names, such that characters representing " traverse to parent directory" are passed through to the file APIs, according to a Nov. 20 security update.
The goal of the attack would be to use an affected application to gain unauthorized access to the file system. The flaw affects Management console products prior to ITMS 8.1 RU4 and those affected are urged to update to the latest version as soon as possible.
Patches are available to customers through normal support channels and researchers are unaware of any exploits in the wild. In order to minimize the risk of vulnerability being exploited, researchers recommend users restrict access to administrative or management systems to authorized privileged users and Restrict remote access to trusted/authorized systems only.
Comments ( 0 )
No comments available