CVE-2013-5016 : Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform,

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.

Published 2014-05-08 10:55:03

Updated 2021-08-04 18:56:03

Source Symantec Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-5016

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-5016

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-5016

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5016

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00

Symantec Critical System Protection for Windows Default Policy Bypass
Vendor Advisory
http://www.securityfocus.com/bid/67161

Symantec Critical System Protection for Windows CVE-2013-5016 Security Bypass Vulnerability

Products affected by CVE-2013-5016

Broadcom » Symantec Critical System Protection
Versions up to, including, (<=) 5.2.8
cpe:2.3:a:broadcom:symantec_critical_system_protection:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update R2

Vulnerability Details : CVE-2013-5016

Exploit prediction scoring system (EPSS) score for CVE-2013-5016

CVSS scores for CVE-2013-5016

CWE ids for CVE-2013-5016

References for CVE-2013-5016

Products affected by CVE-2013-5016