Local Access Bypass Issue in Symantec Web Gateway Appliance
CVE-2013-4672

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway; Web Gateway Appliance 8450; Web Gateway Appliance 8490
Vendor: CVE Published:; 1 August 2013

What is CVE-2013-4672?

The Symantec Web Gateway appliance prior to version 5.1.1 has a vulnerability within its management console due to an incorrectly configured sudoers file. This misconfiguration allows local users to circumvent intended access restrictions by executing commands that should otherwise be blocked. As a result, local threats can exploit this weakness to gain unauthorized access to system commands and functionalities.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/61104

vdb-entryx_refsource_BID

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2013
Vulnerability Reserved
Jun 24, 2013