Back to overview

CVE-2026-15379

MEDIUM
5.1
CVSS 4.0
Description
The Altiris WMI provider exposes a class (AltirisAgent_Stream) that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries without re-impersonating the caller. Any local standard user can therefore read SYSTEM-readable files — including configuration files, service logs, and secrets stored with SYSTEM/Administrator-only ACLs — by querying the provider directly.

Metadata

CVE ID
CVE-2026-15379
State
PUBLISHED
Assigner
symantec
Reserved
2026-07-10 09:09 UTC
Published
2026-07-17 06:47 UTC
Last updated
2026-07-17 10:10 UTC
Vendor / Product
Broadcom / Symantec IT Management Suite
Sources
cve.org  ·  NVD

Severity & Metrics

5.1 MEDIUM CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Red
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Broadcom Symantec IT Management Suite 8.8, 8.8.1
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.1 MEDIUM 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Red
Back to overview