Arbitrary Code Execution Vulnerability in Symantec Web Gateway Management Console
CVE-2015-5692

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway
Vendor: CVE Published:; 20 September 2015

Summary

The Symantec Web Gateway appliances have a security loophole in the management console that allows remote authenticated users to execute arbitrary code. This is achieved through a vulnerable component, admin_messages.php, which improperly handles file uploads. Users can exploit this vulnerability by uploading a file with a seemingly safe extension and content type, resulting in the file becoming a setuid-root executable due to weak Sudo configurations. This poses a significant risk of unauthorized control over the system.

References

http://www.securitytracker.com/id/1033625

vdb-entryx_refsource_SECTRACK

http://www.zerodayinitiative.com/advisories/ZDI-15-443/

x_refsource_MISC

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jul 28, 2015