Unrestricted File Upload Vulnerability in Symantec Advanced Secure Gateway and ProxySG
CVE-2016-10258

6.8MEDIUM

Key Information:

Vendor
Symantec Corporation
Status
Advanced Secure Gateway (asg)
Proxysg
Vendor
CVE Published:
11 April 2018

Summary

The vulnerability in the management consoles of Symantec Advanced Secure Gateway and ProxySG allows a malicious administrator to upload arbitrary files. This poses a significant risk, as it can enable the tricking of another administrator into downloading and executing potentially harmful code. Organizations using these products should ensure that their management interface is secured against unauthorized file uploads to mitigate this risk.

Affected Version(s)

Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.14

Advanced Secure Gateway (ASG) 6.7 prior to 6.7.3.1

ProxySG 6.5 prior to 6.5.10.8

References

https://www.symantec.com/security-center/network-protecti...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103685
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040757
vdb-entryx_refsource_SECTRACK

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.