Unrated severityNVD Advisory· Published Apr 30, 2007· Updated Apr 23, 2026
CVE-2007-2375
CVE-2007-2375
Description
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
Affected products
5cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:symantec:enterprise_security_manager:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/24767nvdPatchVendor Advisory
- www.symantec.com/avcenter/security/Content/2007.04.05d.htmlnvdVendor Advisory
- www.securityfocus.com/bid/23287nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2007/1277nvd
News mentions
0No linked articles in our index yet.