Vulnerabilities related to broadcom - symantec_proxysg
cve-2017-13678
Vulnerability from cvelistv5
Published
2018-04-11 14:00
Modified
2024-09-16 23:40
Severity ?
EPSS score ?
Summary
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
References
▼ | URL | Tags |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103685 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040757 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Advanced Secure Gateway (ASG) | 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.4.107 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.8; 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.4.107 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.4.107" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.8" }, { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.4.107" } ] } ], "datePublic": "2018-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Stored XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-03T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-04-10T00:00:00", "ID": "CVE-2017-13678", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.4.107" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.8" }, { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.4.107" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stored XSS" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040757" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2017-13678", "datePublished": "2018-04-11T14:00:00Z", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2024-09-16T23:40:33.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18370
Vulnerability from cvelistv5
Published
2019-08-29 22:13
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
▼ | URL | Tags |
---|---|---|
https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | 6.6 and 6.7 prior to 6.7.4.2 |
Symantec Corporation | Symantec ProxySG | 6.5 prior to 6.5.10.15; 6.6; 6.7 prior to 6.7.4.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Symantec Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 and 6.7 prior to 6.7.4.2" } ] }, { "product": "Symantec ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.15" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site-scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-29T22:13:35", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2018-18370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Symantec Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6 and 6.7 prior to 6.7.4.2" } ] } }, { "product_name": "Symantec ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.15" }, { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.4.2" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site-scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.symantec.com/us/en/article.SYMSA1472.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-18370", "datePublished": "2019-08-29T22:13:35", "dateReserved": "2018-10-15T00:00:00", "dateUpdated": "2024-08-05T11:08:21.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10257
Vulnerability from cvelistv5
Published
2018-01-10 02:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040138 | vdb-entry, x_refsource_SECTRACK | |
https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102447 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | ASG | 6.6; 6.7 prior to 6.7.2.1 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.6; 6.6; 6.7 prior to 6.7.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102447", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102447" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ASG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.2.1" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.6" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.2.1" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Reflected XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-11T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102447", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102447" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2016-10257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASG", "version": { "version_data": [ { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.2.1" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.6" }, { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.2.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Reflected XSS" } ] } ] }, "references": { "reference_data": [ { "name": "1040138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040138" }, { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102447", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102447" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-10257", "datePublished": "2018-01-10T02:00:00Z", "dateReserved": "2017-03-23T00:00:00", "dateUpdated": "2024-09-16T18:39:51.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9100
Vulnerability from cvelistv5
Published
2017-05-11 14:01
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040138 | vdb-entry, x_refsource_SECTRACK | |
https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102454 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | ASG | 6.6 prior to 6.6.5.13; 6.7 prior to 6.7.3.1 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.6; 6.6 prior to 6.6.5.13; 6.7 prior to 6.7.3.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:10.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102454", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102454" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ASG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 prior to 6.6.5.13" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.6" }, { "status": "affected", "version": "6.6 prior to 6.6.5.13" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-11T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102454", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102454" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2016-9100", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASG", "version": { "version_data": [ { "version_value": "6.6 prior to 6.6.5.13" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.6" }, { "version_value": "6.6 prior to 6.6.5.13" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1040138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040138" }, { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102454" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-9100", "datePublished": "2017-05-11T14:01:00Z", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2024-09-16T20:42:42.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10258
Vulnerability from cvelistv5
Published
2018-04-11 14:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
References
▼ | URL | Tags |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103685 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040757 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Advanced Secure Gateway (ASG) | 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.3.1 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.8; 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.3.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.8" }, { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] } ], "datePublic": "2018-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Unrestricted file upload", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-03T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-04-10T00:00:00", "ID": "CVE-2016-10258", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.8" }, { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unrestricted file upload" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040757" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-10258", "datePublished": "2018-04-11T14:00:00Z", "dateReserved": "2017-03-23T00:00:00", "dateUpdated": "2024-09-17T02:37:23.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9097
Vulnerability from cvelistv5
Published
2017-05-11 14:01
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101530 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039701 | vdb-entry, x_refsource_SECTRACK | |
https://www.symantec.com/security-center/network-protection-security-advisories/SA146 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Symantec Advanced Secure Gateway (ASG) and ProxySG | ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:10.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101530", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101530" }, { "name": "1039701", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039701" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2" } ] } ], "datePublic": "2017-10-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Improper user authorization", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-01T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "101530", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101530" }, { "name": "1039701", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039701" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2017-10-30T00:00:00", "ID": "CVE-2016-9097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG", "version": { "version_data": [ { "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper user authorization" } ] } ] }, "references": { "reference_data": [ { "name": "101530", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101530" }, { "name": "1039701", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039701" }, { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-9097", "datePublished": "2017-05-11T14:01:00Z", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2024-09-16T17:33:11.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5241
Vulnerability from cvelistv5
Published
2018-05-29 13:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
References
▼ | URL | Tags |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA167 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040993 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/104282 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Advanced Secure Gateway (ASG) | 6.6; 6.7 |
Symantec Corporation | ProxySG | 6.5; 6.6; 6.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:42.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167" }, { "name": "1040993", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040993" }, { "name": "104282", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104282" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7" } ] } ], "datePublic": "2018-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Authentication bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-30T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167" }, { "name": "1040993", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040993" }, { "name": "104282", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104282" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-05-25T00:00:00", "ID": "CVE-2018-5241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6" }, { "version_value": "6.7" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5" }, { "version_value": "6.6" }, { "version_value": "6.7" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. 
This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167" }, { "name": "1040993", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040993" }, { "name": "104282", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104282" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-5241", "datePublished": "2018-05-29T13:00:00Z", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2024-09-17T03:28:24.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18375
Vulnerability from cvelistv5
Published
2020-04-09 23:16
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
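References
URL | Tags |
---|---|
https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752 | x_refsource_MISC |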
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Symantec Advanced Secure Gateway (ASG) and ProxySG |
Version: ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:54:14.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG", "vendor": "n/a", "versions": [ { "status": "affected", "version": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console." } ], "problemTypes": [ { "descriptions": [ { "description": "Session hijacking", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-09T23:16:17", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2019-18375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG", "version": { "version_data": [ { "version_value": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Session hijacking" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752", "refsource": "MISC", "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2019-18375", "datePublished": "2020-04-09T23:16:17", "dateReserved": "2019-10-23T00:00:00", "dateUpdated": "2024-08-05T01:54:14.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10256
Vulnerability from cvelistv5
Published
2018-01-10 02:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040138 | vdb-entry, x_refsource_SECTRACK | |
https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102451 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Symantec Corporation | ProxySG |
Version: 6.5 prior to 6.5.10.6 Version: 6.6 Version: 6.7 prior to 6.7.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102451", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102451" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.6" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.2.1" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Reflected XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-11T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102451", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102451" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2016-10256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.6" }, { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.2.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Reflected XSS" } ] } ] }, "references": { "reference_data": [ { "name": "1040138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040138" }, { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "name": "102451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102451" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-10256", "datePublished": "2018-01-10T02:00:00Z", "dateReserved": "2017-03-23T00:00:00", "dateUpdated": "2024-09-17T00:06:18.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13677
Vulnerability from cvelistv5
Published
2018-04-11 14:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
References
▼ | URL | Tags |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103685 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040757 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Advanced Secure Gateway (ASG) | 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.3.1 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.8; 6.6 prior to 6.6.5.14; 6.7 prior to 6.7.3.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.8" }, { "status": "affected", "version": "6.6 prior to 6.6.5.14" }, { "status": "affected", "version": "6.7 prior to 6.7.3.1" } ] } ], "datePublic": "2018-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-03T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-04-10T00:00:00", "ID": "CVE-2017-13677", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.8" }, { "version_value": "6.6 prior to 6.6.5.14" }, { "version_value": "6.7 prior to 6.7.3.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "name": "103685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103685" }, { "name": "1040757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040757" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2017-13677", "datePublished": "2018-04-11T14:00:00Z", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2024-09-17T02:16:31.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18371
Vulnerability from cvelistv5
Published
2019-08-29 22:14
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via an ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
▼ | URL | Tags |
---|---|---|
https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | 6.6 and 6.7 prior to 6.7.4.2 |
Symantec Corporation | Symantec ProxySG | 6.5 prior to 6.5.10.15; 6.6; 6.7 prior to 6.7.4.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Symantec Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6 and 6.7 prior to 6.7.4.2" } ] }, { "product": "Symantec ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.15" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-29T22:14:58", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2018-18371", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Symantec Advanced Secure Gateway (ASG)", "version": { "version_data": [ { "version_value": "6.6 and 6.7 prior to 6.7.4.2" } ] } }, { "product_name": "Symantec ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.15" }, { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.4.2" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.symantec.com/us/en/article.SYMSA1472.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-18371", "datePublished": "2019-08-29T22:14:58", "dateReserved": "2018-10-15T00:00:00", "dateUpdated": "2024-08-05T11:08:21.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9099
Vulnerability from cvelistv5
Published
2017-05-11 14:01
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102455 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040138 | vdb-entry, x_refsource_SECTRACK | |
https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Symantec Corporation | ASG | 6.6; 6.7 prior to 6.7.2.1 |
Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.6; 6.6; 6.7 prior to 6.7.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:10.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102455", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102455" }, { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ASG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.2.1" } ] }, { "product": "ProxySG", "vendor": "Symantec Corporation", "versions": [ { "status": "affected", "version": "6.5 prior to 6.5.10.6" }, { "status": "affected", "version": "6.6" }, { "status": "affected", "version": "6.7 prior to 6.7.2.1" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Open redirection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-11T10:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "102455", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102455" }, { "name": "1040138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2016-9099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASG", "version": { "version_data": [ { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.2.1" } ] } }, { "product_name": "ProxySG", "version": { "version_data": [ { "version_value": "6.5 prior to 6.5.10.6" }, { "version_value": "6.6" }, { "version_value": "6.7 prior to 6.7.2.1" } ] } } ] }, "vendor_name": "Symantec Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Open redirection" } ] } ] }, "references": { "reference_data": [ { "name": "102455", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102455" }, { "name": "1040138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040138" }, { "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", "refsource": "CONFIRM", "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-9099", "datePublished": "2017-05-11T14:01:00Z", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2024-09-16T22:40:30.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30648
Vulnerability from cvelistv5
Published
2021-06-30 10:40
Modified
2024-08-03 22:40
Severity ?
EPSS score ?
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shut down/restart the appliance.
References
▼ | URL | Tags |
---|---|---|
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advanced Secure Gateway (ASG) and ProxySG |
Version: ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior to 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:40:31.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advanced Secure Gateway (ASG) and ProxySG", "vendor": "n/a", "versions": [ { "status": "affected", "version": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3." } ] } ], "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Authentication bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-30T10:40:39", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2021-30648", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advanced Secure Gateway (ASG) and ProxySG", "version": { "version_data": [ { "version_value": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331", "refsource": "MISC", "url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2021-30648", "datePublished": "2021-06-30T10:40:39", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2024-08-03T22:40:31.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2018-05-29 13:29
Modified
2024-11-21 04:08
Severity ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/104282 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040993 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA167 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104282 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040993 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA167 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | 6.6 | |
broadcom | advanced_secure_gateway | 6.7 | |
broadcom | symantec_proxysg | 6.5 | |
broadcom | symantec_proxysg | 6.6 | |
broadcom | symantec_proxysg | 6.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "3C1055B8-A926-4831-A8EC-E1A2C9DFFFDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "91A561A9-EA6E-461B-89FA-FA60F40C14B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles." }, { "lang": "es", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 y 6.7 y ProxySG 6.5, 6.6 y 6.7 son susceptibles a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n SAML. 
Los productos pueden configurarse con un realm de autenticaci\u00f3n SAML para autenticar a usuarios de red en tr\u00e1fico de proxy interceptado. Al parsear respuestas SAML, ASG y ProxySG gestionan incorrectamente los nodos XML con comentarios. Un atacante remoto puede modificar una respuesta SAML v\u00e1lida sin invalidar su firma criptogr\u00e1fica. Esto podr\u00eda permitir que el atacante omita los controles de seguridad de autenticaci\u00f3n en ASG y ProxySG. Esta vulnerabilidad solo afecta a la autenticaci\u00f3n de usuarios de red en el tr\u00e1fico interceptado. No afecta a la autenticaci\u00f3n de usuario administrador en las consolas de gesti\u00f3n de ASG y ProxySG." } ], "id": "CVE-2018-5241", "lastModified": "2024-11-21T04:08:24.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-29T13:29:00.617", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/104282" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040993" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-30 11:15
Modified
2024-11-21 06:04
Severity ?
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shut down/restart the appliance.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "9672F60B-F28A-4343-9974-9959BD393AB9", "versionEndExcluding": "6.5.10.16", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A764833-E6F8-4D84-BE5F-951820DD656A", "versionEndExcluding": "6.6.5.19", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD4B8490-8550-491B-A9CD-A52D8B79D155", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0050BA3-EFC3-48A6-8544-9E5DEF14A9CE", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DB1BDF4-A549-459D-9FB5-1AD6925453D8", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC3B7A-43FA-4D4F-9940-9511A9449076", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D5D136-155C-4A46-904A-543645C53772", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD89FCD6-67B6-426A-AA80-E6A4D44B472A", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EDD9E31-19E6-437C-A32F-F01319497E19", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "7607245C-D417-48D7-876D-1E859215F426", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3504045-02F1-48A7-900C-64A280BB5676", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B05AD57E-CACF-4D2C-B3A2-ABD24CB47A14", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73FC75E0-5D1F-49EC-9B6F-611AF94E8CE6", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AAD2096-A175-492D-A106-FCA726F742D9", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-40:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC9EBCDE-5890-4B9C-9B28-4BA6636320CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"550B2E07-8330-43A1-8303-12EBD1EAA3CF", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05B177FF-1C17-4B44-A5E8-BC42C6A88BB8", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F549852-ED15-4FF7-9673-432E7BCEC615", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4F96BFC-1BA1-4E68-B60F-8F357BEEEBEA", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-20:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C57BAE4-DCCC-427E-8C90-1D8586F836D9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DD66EC5-4990-4523-92EE-6259417EA29D", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5797A293-88B1-433E-BD59-0E43F3C105EA", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A43A9E1-CF92-4E19-8CEE-31719133A880", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D133BFF-FE7D-4698-A13B-A707A76D3317", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36EA8-61F6-4D19-9AE1-AFF5EFDDC3E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCD66B48-C227-4276-9D56-AA6AB7EB8C53", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F910A085-3911-44F3-A8B1-403EB2D00558", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0311A56B-D775-4507-A146-43E0E2C62D62", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "46DE0E11-E74E-4CA2-923A-7E78FD331EA8", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-40:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB67FB71-4979-4C89-A214-B1B8FAA1DBBF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"BDE99D7E-341D-47CD-9CBB-A7815B9B98CA", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DDFA390-B788-45A3-BE77-131D2E265CF7", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "132FAE6F-1B32-4C66-8AFE-09A4CE823007", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14CAC3B2-1A9B-40C2-925C-5C929179763D", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_500-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "44DFA806-C013-4C3A-A9AC-76040E5B4207", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31C3E999-E729-4B08-BFCD-2CACD14A9FAA", "versionEndExcluding": "6.7.4.17", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "540E33CE-DB5D-4C45-806F-2A2B43EDDC11", "versionEndExcluding": "6.7.5.12", "versionStartIncluding": "6.7.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D17AC2E5-5CAE-49B9-BA56-B7DD2CA1A796", "versionEndExcluding": "7.2.7.2", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D30543D-636C-4005-A677-A049FAF5534F", "versionEndExcluding": "7.3.3.3", "versionStartIncluding": "7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s500-20:-:*:*:*:*:*:*:*", "matchCriteriaId": "9770558C-A91B-4DD1-B5A6-76713452116E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance." }, { "lang": "es", "value": "Las consolas de administraci\u00f3n web Symantec Advanced Secure Gateway (ASG) y ProxySG son susceptibles a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. 
Un atacante no autenticado puede ejecutar comandos CLI arbitrarios, ver/modificar la configuraci\u00f3n y la pol\u00edtica del dispositivo, y apagar/reiniciar el dispositivo" } ], "id": "CVE-2021-30648", "lastModified": "2024-11-21T06:04:21.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-30T11:15:08.143", "references": [ { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-11 14:30
Modified
2024-11-21 03:00
Severity ?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/101530 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1039701 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA146 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101530 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039701 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA146 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "445E76D3-2ACF-4BA6-ADC2-53BBA53C5184", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "017EEF7C-C07F-445F-9F8B-0D9539857470", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA1AF395-4E93-4343-A0AE-ABCC0B34D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E715F75B-AFFA-4662-9E51-30C10EA0CBF4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CFDCAF4-7B89-4E12-88B2-EBD85845D8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "70F87807-F8FB-468F-9E44-4DEF2B7C4C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "B3493C4B-2CFE-4957-93CC-807154C074CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F2B8572-B369-489C-A7FA-1B635A66A9FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5158A3A-11AD-4D64-92B6-AE7656E6E5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D868AE5A-6D8D-4DC6-81C4-56E10DCE40A4", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8F1C6C8-B3E5-4787-BFCC-2E07ECDC6A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3BED641-6C64-49BA-8CA1-EF4B01DAF0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "E8508498-0FCF-4DB3-A718-A685AA2D2299", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F6F5F-580E-401C-AE85-56497636132A", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "BEDDE433-6FC5-4B4B-8DE2-1485486D7A16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4854655-722B-4504-9A7C-C2211C98194D", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A65BB092-04AD-496F-9CB5-7F6D6E6118C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "38CCDA77-BD6F-4D0E-A305-94294B4CB1B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "16B96153-D19F-4345-9DE8-A7E27EDE7282", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCE3894E-B218-4A0A-9AA8-C13D26722A2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3047126-01AB-435D-8D22-832B21BE6A74", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "682DFD13-7BEC-4044-9927-68C4C856A206", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "82D43CCC-6154-4213-BD5E-D367DE8995EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EC52CDF-739B-49B1-8668-9D55B2E3E2C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "91A561A9-EA6E-461B-89FA-FA60F40C14B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9141EEA0-9E3D-4772-8AC1-CE5F2FCE188F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges." }, { "lang": "es", "value": "Las consolas de administraci\u00f3n Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.8, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versiones 6.6 anteriores a 6.6.5.8 y ProxySG versiones 6.7 anteriores a 6.7.1.2 de Symantec, no autorizan correctamente, bajo determinadas circunstancias, a usuarios administradores. Un administrador malicioso con acceso de solo lectura puede explotar esta vulnerabilidad para acceder a la funcionalidad de consola de administraci\u00f3n que requiere privilegios de acceso de lectura y escritura." 
} ], "id": "CVE-2016-9097", "lastModified": "2024-11-21T03:00:35.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-11T14:30:16.360", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101530" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039701" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-11 14:30
Modified
2024-11-21 03:00
Severity ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/102454 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102454 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CCB3E38-B5B9-49EA-AD50-343E324AB343", "versionEndExcluding": "6.6.5.13", "versionStartIncluding": "6.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8D1880-B9D6-4AA2-B266-ACDFD0E046E9", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7", "versionEndExcluding": "6.5.10.6", "versionStartIncluding": "6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C18F34F-8333-4A40-A8B4-89F4885CC377", "versionEndExcluding": "6.6.5.13", "versionStartIncluding": "6.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADC894C-8F9E-4BE1-9A1D-45A0B3AB4462", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information." 
}, { "lang": "es", "value": "Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.13, ASG versiones 6.7 anteriores a 6.7.3.1, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versiones 6.6 anteriores a 6.6.5.13 y ProxySG versiones 6.7 anteriores a 6.7.3.1 de Symantec, son susceptibles a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un atacante con acceso local al host del cliente de un usuario administrador autenticado puede, bajo determinadas circunstancias, obtener informaci\u00f3n confidencial de credenciales de autenticaci\u00f3n." } ], "id": "CVE-2016-9100", "lastModified": "2024-11-21T03:00:35.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-11T14:30:16.437", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102454" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1040138" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-11 14:29
Modified
2024-11-21 03:11
Summary
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8D1880-B9D6-4AA2-B266-ACDFD0E046E9", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607", "versionEndExcluding": "6.5.10.8", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADC894C-8F9E-4BE1-9A1D-45A0B3AB4462", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes." }, { "lang": "es", "value": "Vulnerabilidad de denegaci\u00f3n de servicio (DoS) en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. Un atacante remoto puede emplear peticiones HTTP/HTTPS manipuladas para provocar el cierre inesperado de la aplicaci\u00f3n a trav\u00e9s de una denegaci\u00f3n de servicio (DoS) en la consola de gesti\u00f3n." 
} ], "id": "CVE-2017-13677", "lastModified": "2024-11-21T03:11:24.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-11T14:29:00.313", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-30 09:15
Modified
2024-11-21 03:55
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | 6.6 | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | 6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B599C2C-2345-4C48-A643-7E3248CD93CF", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "30763EE4-C79B-47A6-B2BB-6E94B2C9C467", "versionEndExcluding": "6.5.10.15", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FFE68F-353C-441C-B924-6087631A0AF8", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." }, { "lang": "es", "value": "El modo WebFTP del proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. 
Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el modo WebFTP permite a un usuario malicioso obtener credenciales de autenticaci\u00f3n de texto plano para un servidor FTP remoto desde un listado web del servidor FTP de ASG/ProxySG. Versiones afectadas: ASG versi\u00f3n 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6, y versiones 6.7 anteriores a 6.7.4.2." } ], "id": "CVE-2018-18371", "lastModified": "2024-11-21T03:55:48.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-30T09:15:16.660", "references": [ { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-10 02:29
Modified
2024-11-21 02:43
Summary
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/102451 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102451 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | 6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7", "versionEndExcluding": "6.5.10.6", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D6174-972A-4E47-ABAA-1B53D03221E7", "versionEndExcluding": "6.7.2.1", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257." }, { "lang": "es", "value": "La consola de gesti\u00f3n de Symantec ProxySG 6.5 (en versiones anteriores a la 6.5.10.6), 6.6 y 6.7 (en versiones anteriores a la 6.7.2.1) es susceptible de contener una vulnerabilidad de XSS reflejado. Un atacante remoto puede emplear una URL de la consola de gesti\u00f3n manipulada en un ataque de phishing para inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n del cliente web de la consola de gesti\u00f3n. Esta vulnerabilidad es diferente de CVE-2016-10257." 
} ], "id": "CVE-2016-10256", "lastModified": "2024-11-21T02:43:40.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-10T02:29:31.833", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102451" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-11 14:29
Modified
2024-11-21 02:43
Summary
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8D1880-B9D6-4AA2-B266-ACDFD0E046E9", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607", "versionEndExcluding": "6.5.10.8", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADC894C-8F9E-4BE1-9A1D-45A0B3AB4462", "versionEndExcluding": "6.7.3.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code." }, { "lang": "es", "value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. 
Un administrador de aparatos malicioso puede subir archivos arbitrarios maliciosos a la consola de gesti\u00f3n y enga\u00f1ar a otro usuario administrador para que descargue y ejecute c\u00f3digo malicioso." } ], "id": "CVE-2016-10258", "lastModified": "2024-11-21T02:43:40.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-11T14:29:00.250", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-10 02:29
Modified
2024-11-21 02:43
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/102447 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102447 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | 6.6 | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | 6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D3C0DC-195F-4035-805E-CDF610BC782E", "versionEndExcluding": "6.7.2.1", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7", "versionEndExcluding": "6.5.10.6", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D6174-972A-4E47-ABAA-1B53D03221E7", "versionEndExcluding": "6.7.2.1", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256." }, { "lang": "es", "value": "La consola de gesti\u00f3n de Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (en versiones anteriores a la 6.7.2.1), ProxySG 6.5 (en versiones anteriores a la 6.5.10.6), ProxySG 6.6 y ProxySG 6.7 (en versiones anteriores a la 6.7.2.1) es susceptible de contener una vulnerabilidad de XSS reflejado. 
Un atacante remoto puede emplear una URL de la consola de gesti\u00f3n manipulada en un ataque de phishing para inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n del cliente web de la consola de gesti\u00f3n. Esta vulnerabilidad es diferente de CVE-2016-10256." } ], "id": "CVE-2016-10257", "lastModified": "2024-11-21T02:43:40.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-10T02:29:31.880", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102447" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securityfocus.com/bid/102447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-10 00:15
Modified
2024-11-21 04:33
Summary
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E268AFF2-E368-4574-9CE4-923C9C510E24", "versionEndExcluding": "6.7.4.10", "versionStartIncluding": "6.7.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED2A0D93-FEEC-43B1-9766-032B87E88C38", "versionEndExcluding": "7.2.0.1", "versionStartIncluding": "7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "250EAC78-79F0-4ACF-86DB-54A6826832A8", "versionEndExcluding": "6.7.4.10", "versionStartIncluding": "6.7.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C91A22D-A943-4DA8-8557-1B4EDB392D09", "versionEndExcluding": "7.2.0.1", "versionStartIncluding": "7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console." }, { "lang": "es", "value": "Las consolas de administraci\u00f3n de ASG y ProxySG, son susceptibles a una vulnerabilidad de secuestro de sesi\u00f3n. Un atacante remoto, con acceso a la interfaz de administraci\u00f3n del dispositivo, puede secuestrar la sesi\u00f3n de un usuario actualmente registrado y acceder a la consola de administraci\u00f3n." 
} ], "id": "CVE-2019-18375", "lastModified": "2024-11-21T04:33:09.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-10T00:15:11.160", "references": [ { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-30 09:15
Modified
2024-11-21 03:55
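Severity: MEDIUM (NVD primary: CVSS 3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 4.3)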
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | 6.6 | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | 6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B599C2C-2345-4C48-A643-7E3248CD93CF", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "30763EE4-C79B-47A6-B2BB-6E94B2C9C467", "versionEndExcluding": "6.5.10.15", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FFE68F-353C-441C-B924-6087631A0AF8", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2." }, { "lang": "es", "value": "El modo WebFTP del Proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. 
Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el modo WebFTP permite a un atacante remoto inyectar c\u00f3digo JavaScript malicioso en un listado web de ASG/ProxySG de un servidor FTP remoto. La explotaci\u00f3n de la vulnerabilidad requiere que el atacante sea capaz de cargar archivos especialmente dise\u00f1ados en el servidor FTP remoto. Versiones afectadas: ASG versi\u00f3n 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6 y versiones 6.7 anteriores a 6.7.4.2." } ], "id": "CVE-2018-18370", "lastModified": "2024-11-21T03:55:48.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-30T09:15:16.567", "references": [ { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://support.symantec.com/us/en/article.SYMSA1472.html" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-11 14:30
Modified
2024-11-21 03:00
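Severity: MEDIUM (NVD primary: CVSS 3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 5.8)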
Summary
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/102455 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102455 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | advanced_secure_gateway | 6.6 | |
broadcom | symantec_proxysg | 6.6 | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D3C0DC-195F-4035-805E-CDF610BC782E", "versionEndExcluding": "6.7.2.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7", "versionEndExcluding": "6.5.10.6", "versionStartIncluding": "6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D6174-972A-4E47-ABAA-1B53D03221E7", "versionEndExcluding": "6.7.2.1", "versionStartIncluding": "6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site." 
}, { "lang": "es", "value": "Advanced Secure Gateway (ASG) versi\u00f3n 6.6, ASG versiones 6.7 anteriores a 6.7.2.1, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versi\u00f3n 6.6 y ProxySG versiones 6.7 anteriores a 6.7.2.1 de Symantec, son susceptibles a una vulnerabilidad de redireccionamiento abierto. Un atacante remoto puede usar una URL dise\u00f1ada de la consola de administraci\u00f3n en un ataque de phishing para redireccionar al usuario destino hacia un sitio web malicioso." } ], "id": "CVE-2016-9099", "lastModified": "2024-11-21T03:00:35.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-11T14:30:16.407", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102455" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "secure@symantec.com", 
"tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-11 14:29
Modified
2024-11-21 03:11
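Severity: MEDIUM (NVD primary: CVSS 3.0 base score 4.8, CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 3.5, LOW)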
Summary
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
References
▼ | URL | Tags | |
---|---|---|---|
secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | advanced_secure_gateway | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * | |
broadcom | symantec_proxysg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D365F8C-3F0E-4596-9AE0-840E966E7E2C", "versionEndExcluding": "6.7.3.7", "versionStartIncluding": "6.7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCD17841-CC52-427D-9B77-B3787276D1FE", "versionEndExcluding": "6.7.4.107", "versionStartIncluding": "6.7.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607", "versionEndExcluding": "6.5.10.8", "versionStartIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F", "versionEndExcluding": "6.6.5.14", "versionStartIncluding": "6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "A161CEF7-078D-400B-82FF-F4CCD5561F09", "versionEndExcluding": "6.7.3.7", "versionStartIncluding": "6.7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "F473B1BD-A298-4809-AAB1-E7B520AA5222", "versionEndExcluding": "6.7.4.107", "versionStartIncluding": "6.7.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. 
A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) persistente en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. Un administrador de aparatos malicioso puede inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n cliente de la consola de gesti\u00f3n web." } ], "id": "CVE-2017-13678", "lastModified": "2024-11-21T03:11:24.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-11T14:29:00.377", "references": [ { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, { "source": "secure@symantec.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": 
"https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }