module

Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution

Disclosed
2014-02-24
Created
2018-05-30

Description

This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
can reach SQL injection affected components. As xp_cmdshell is enabled in the included
database instance, it's possible to execute arbitrary system commands on the target
with SYSTEM privileges.

Authors

Stefan Viehbock
Chris Graham
xistence xistence@0x90.nl

Platform

Windows

Architectures

x86

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/windows/antivirus/symantec_endpoint_manager_rce
msf exploit(symantec_endpoint_manager_rce) > show targets
...targets...
msf exploit(symantec_endpoint_manager_rce) > set TARGET < target-id >
msf exploit(symantec_endpoint_manager_rce) > show options
...show and set options...
msf exploit(symantec_endpoint_manager_rce) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.