Critical Vulnerability Information Vulnerability Description The Symantec Management Platform agent installs a registry service key used to retrieve packages from a package server. This key is locally accessible and may be extracted and decrypted by local authorized users who have access to the static key shared by all agents. Impact Severity CVSS2 Base Score: 5.5 Impact: 8.5 Exploitability: 2.7 CVSS2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:C Affected Products Unaffected Products Solutions Apply the Symantec Management Platform 7.1 SP2 MP1.1 v7 rollup version. Or migrate to Symantec Management Platform 7.5. Best Practices Restrict access to management systems. Limit remote access (if necessary). Operate with the principle of least privilege. Keep systems and applications updated with the latest patches. Implement a layered security approach. Deploy intrusion detection systems. Vulnerability Identification CVE-2013-5008 BID: 62757