PatchSiren cyber security CVE debrief
CVE-2026-15379 Broadcom CVE debrief
CVE-2026-15379 is a medium-severity vulnerability in the Altiris WMI provider. The provider exposes a class that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges are required. This vulnerability affects Altiris WMI provider installations, potentially allowing unauthorized access to sensitive files.
- Vendor
- Broadcom
- Product
- Symantec IT Management Suite
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
System administrators and security teams responsible for managing Altiris WMI provider installations should be aware of this vulnerability. They should assess their exposure, apply vendor patches or updates, and monitor system logs for suspicious activity. Additionally, they should implement compensating controls to restrict access to sensitive files.
Technical summary
The Altiris WMI provider exposes a class (AltirisAgent_Stream) that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. The provider reverts to the LocalSystem context when servicing WMI queries without re-impersonating the caller. This allows local standard users to read SYSTEM-readable files, including configuration files, service logs, and secrets stored with SYSTEM/Administrator-only ACLs.
Defensive priority
Medium
Recommended defensive actions
- Inventory and assess Altiris WMI provider installations
- Apply vendor patches or updates
- Monitor system logs for suspicious activity
- Implement compensating controls to restrict access to sensitive files
- Review and verify system configurations for potential vulnerabilities
- Track and document changes to system security settings
Evidence notes
Evidence is limited. Official CVE record and NVD detail provide basic information. Vendor advisory from Broadcom is available. The Altiris WMI provider's vulnerability allows local standard users to read SYSTEM-readable files. Evidence is based on CVE and NVD details. Limited vendor advisory information is available from Broadcom.
Official resources
-
CVE-2026-15379 CVE record
CVE.org
-
CVE-2026-15379 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T08:16:57.773Z and has not been modified since then.