Skip to main content

Symantec It Management Suite

1 CVEs product

Monthly

CVE-2026-15379 MEDIUM This Month

Local privilege escalation via a misconfigured WMI provider in Broadcom's Symantec IT Management Suite (Altiris) exposes SYSTEM-readable files to any local standard user. The AltirisAgent_Stream WMI class fails to re-impersonate the calling user when servicing queries, reverting to the LocalSystem context instead - allowing unprivileged local users to bypass filesystem ACLs and read files that are restricted to SYSTEM or Administrator accounts, including configuration files, service logs, and stored secrets. No public exploit has been identified at time of analysis, though the technique is mechanically straightforward for any authenticated local user; the Broadcom advisory (SA 37995) is the authoritative disclosure source.

Authentication Bypass Symantec It Management Suite
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM This Month

Local privilege escalation via a misconfigured WMI provider in Broadcom's Symantec IT Management Suite (Altiris) exposes SYSTEM-readable files to any local standard user. The AltirisAgent_Stream WMI class fails to re-impersonate the calling user when servicing queries, reverting to the LocalSystem context instead - allowing unprivileged local users to bypass filesystem ACLs and read files that are restricted to SYSTEM or Administrator accounts, including configuration files, service logs, and stored secrets. No public exploit has been identified at time of analysis, though the technique is mechanically straightforward for any authenticated local user; the Broadcom advisory (SA 37995) is the authoritative disclosure source.

Authentication Bypass Symantec It Management Suite
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy