Information Disclosure in Symantec Advanced Secure Gateway and ProxySG Products
CVE-2016-9100

7.8HIGH

Key Information:

Vendor

Symantec Corporation

Status
Asg
Proxysg
Vendor
CVE Published:
11 May 2017

What is CVE-2016-9100?

An information disclosure vulnerability exists in various versions of Symantec Advanced Secure Gateway and ProxySG products. This flaw allows an attacker with local access to a client's system, specifically one connected to an authenticated administrator, to potentially access sensitive authentication credentials. This could lead to unauthorized actions or further exploitation of the network security measures in place.

Affected Version(s)

ASG 6.6 prior to 6.6.5.13

ASG 6.7 prior to 6.7.3.1

ProxySG 6.5 prior to 6.5.10.6

References

http://www.securitytracker.com/id/1040138
vdb-entryx_refsource_SECTRACK
https://www.symantec.com/security-center/network-protecti...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102454
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.