CVE-2014-7285

Currently unrated

Key Information:

Vendor
Symantec
Status
Web Gateway
Vendor
CVE Published:
17 December 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 58%

Summary

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2014-7285
Created by Rapid7

References

http://www.exploit-db.com/exploits/36263
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/71620
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1031386
vdb-entryx_refsource_SECTRACK

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.