Information Disclosure in ASG/ProxySG FTP Proxy WebFTP Mode by Symantec
CVE-2018-18371
6.5 MEDIUM
Key Information:
- Vendor
- Symantec Corporation
- Status
- Symantec Advanced Secure Gateway (ASG)
- Symantec ProxySG
- CVE Published: 30 August 2019
Summary
The ASG/ProxySG FTP proxy WebFTP mode contains a vulnerability that can be exploited by malicious users to gain unauthorized access to plain-text authentication credentials. When users access FTP servers through a web browser via the ftp:// URL, the WebFTP mode unintentionally exposes sensitive information about these FTP sessions, allowing attackers to intercept credentials from the web listing of the FTP server.
Affected Version(s)
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7 prior to 6.7.4.2
Symantec ProxySG 6.5 prior to 6.5.10.15
Symantec ProxySG 6.6
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved