Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red
Local interactive session with low-privilege user required; full SYSTEM execution warrants high C/I/A, correcting the vendor's VC:H-only impact claim.
Primary rating from Vendor (symantec).
CVSS VectorVendor: symantec
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red
Lifecycle Timeline
1DescriptionCVE.org
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain - no network access, no memory corruption required (ITMS 8.7.3)
AnalysisAI
Full SYSTEM-level code execution in Broadcom's Symantec IT Management Suite (ITMS) 8.7.3 is reachable by any non-administrator interactive user via a DCOM and Windows Task Scheduler logic chain, requiring no network access and no memory corruption. The attack is confined to the local host, meaning a standard user account with an interactive session on the ITMS server is sufficient to achieve unrestricted SYSTEM privileges. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an interactive user session - local console or Remote Desktop (RDP) - on the Windows host running ITMS 8.7.3, held by a non-administrator account. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.1 (Medium) materially understates the real-world significance of SYSTEM-level privilege escalation from a standard user account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a standard non-administrator Windows account on the ITMS 8.7.3 management server - via credential theft, phishing, or lateral movement from another host - establishes an interactive session through RDP. By invoking a crafted DCOM call or manipulating a task scheduler registration exposed by an ITMS service component, the attacker triggers the logic chain that causes code to execute under the SYSTEM account, granting unrestricted access to the host and, by extension, to the endpoint management infrastructure it controls. … |
| Remediation | Consult Broadcom Security Advisory ID 37995 at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37995 for the official patch or hotfix targeting ITMS 8.7.3; the exact patched release version is not independently confirmed from the available data, so the advisory is the authoritative source for upgrade targets. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45153
GHSA-gvhq-5mp7-wjmp