Symantec Endpoint Protection Manager Authentication Bypass Exploit

This module exploit three different vulnerabilities in Symantec Endpoint Protection Manager (SEPM) in order to install an agent on a vunlerable target machine. CVE-2015-1486 allows unauthenticated attackers access to SEPM. CVE-2015-1487 allows reading and writing arbitrary files, resulting in the execution of arbitrary commands with 'NT Service\semsrv' privileges. CVE-2015-1489 allows the execution of arbitrary OS commands with 'NT Authority\SYSTEM' privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2015-1486
Product Version: 
2014_R2
Released Date: 
Friday, September 25, 2015 - 00:00