Information Disclosure in Symantec Advanced Secure Gateway and ProxySG Products
CVE-2016-9100

7.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Asg; Proxysg
Vendor: CVE Published:; 11 May 2017

What is CVE-2016-9100?

An information disclosure vulnerability exists in various versions of Symantec Advanced Secure Gateway and ProxySG products. This flaw allows an attacker with local access to a client's system, specifically one connected to an authenticated administrator, to potentially access sensitive authentication credentials. This could lead to unauthorized actions or further exploitation of the network security measures in place.

Affected Version(s)

ASG 6.6 prior to 6.6.5.13

ASG 6.7 prior to 6.7.3.1

ProxySG 6.5 prior to 6.5.10.6

References

http://www.securitytracker.com/id/1040138

vdb-entryx_refsource_SECTRACK

https://www.symantec.com/security-center/network-protecti...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102454

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2017
Vulnerability Reserved
Oct 28, 2016

Symantec Corporation

What is CVE-2016-9100?

Affected Version(s)

References

CVSS V3.1

Timeline