Remote Command Execution Vulnerability in Symantec Web Gateway Appliances
CVE-2015-5693

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway
Vendor: CVE Published:; 20 September 2015

Summary

The management console of Symantec Web Gateway appliances prior to version 5.2.2 DB 5.0.0.1277 is susceptible to a vulnerability that allows authenticated users to execute arbitrary commands. This issue arises from improper handling of input related to traffic capture functionality, potentially leading to unauthorized system changes or access to sensitive information. Effective mitigation measures should be undertaken to secure affected systems.

References

http://www.securityfocus.com/bid/76731

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1033625

vdb-entryx_refsource_SECTRACK

http://www.zerodayinitiative.com/advisories/ZDI-15-444/

x_refsource_MISC

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jul 28, 2015