Arbitrary Code Execution Vulnerability in Symantec Web Gateway Management Console
CVE-2015-5692

Currently unrated

Key Information:

Vendor

Symantec
Status
Web Gateway
Vendor
CVE Published:
20 September 2015

What is CVE-2015-5692?

The Symantec Web Gateway appliances have a security loophole in the management console that allows remote authenticated users to execute arbitrary code. This is achieved through a vulnerable component, admin_messages.php, which improperly handles file uploads. Users can exploit this vulnerability by uploading a file with a seemingly safe extension and content type, resulting in the file becoming a setuid-root executable due to weak Sudo configurations. This poses a significant risk of unauthorized control over the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1033625
vdb-entryx_refsource_SECTRACK
http://www.zerodayinitiative.com/advisories/ZDI-15-443/
x_refsource_MISC
http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.