- 34/2024
- Critical
Symantec has published several critical vulnerabilities in end-of-life versions across multiple products.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a buffer overflow and gain access to the affected products by sending specially crafted requests or persuading the victim to open a crafted document.
Sample of the addressed vulnerabilities:
Symantec Deployment Solution Buffer Overflow Vulnerability (CVE-2024-23613):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
The affected products:
- Symantec Data Loss Prevention versions 14.0.2 and before.
- Symantec Server Management Suite version 7.9 and before.
- Symantec Messaging Gateway version 10.5 and before.
- Symantec Deployment Solution version 7.9.
It should be highlighted that Symantec notifying that the affected product’s versions have reached the end of life and no patches are available.
Vulnerabilities
- CVE-2024-23613
- CVE-2024-23614
- CVE-2024-23615
- CVE-2024-23616
- CVE-2024-23617
Mitigations
The enterprise should upgrade all the end-of-life products to the newest versions.