PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15379 Broadcom CVE debrief

CVE-2026-15379 is a medium-severity vulnerability in the Altiris WMI provider. The provider exposes a class that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges are required. This vulnerability affects Altiris WMI provider installations, potentially allowing unauthorized access to sensitive files.

Vendor
Broadcom
Product
Symantec IT Management Suite
CVSS
MEDIUM 5.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

System administrators and security teams responsible for managing Altiris WMI provider installations should be aware of this vulnerability. They should assess their exposure, apply vendor patches or updates, and monitor system logs for suspicious activity. Additionally, they should implement compensating controls to restrict access to sensitive files.

Technical summary

The Altiris WMI provider exposes a class (AltirisAgent_Stream) that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. The provider reverts to the LocalSystem context when servicing WMI queries without re-impersonating the caller. This allows local standard users to read SYSTEM-readable files, including configuration files, service logs, and secrets stored with SYSTEM/Administrator-only ACLs.

Defensive priority

Medium

Recommended defensive actions

  • Inventory and assess Altiris WMI provider installations
  • Apply vendor patches or updates
  • Monitor system logs for suspicious activity
  • Implement compensating controls to restrict access to sensitive files
  • Review and verify system configurations for potential vulnerabilities
  • Track and document changes to system security settings

Evidence notes

Evidence is limited. Official CVE record and NVD detail provide basic information. Vendor advisory from Broadcom is available. The Altiris WMI provider's vulnerability allows local standard users to read SYSTEM-readable files. Evidence is based on CVE and NVD details. Limited vendor advisory information is available from Broadcom.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T08:16:57.773Z and has not been modified since then.