SAML Authentication Bypass Vulnerability in Symantec Advanced Secure Gateway and ProxySG
CVE-2018-5241

9.8CRITICAL

Key Information:

Vendor
Symantec Corporation
Status
Advanced Secure Gateway (asg)
Proxysg
Vendor
CVE Published:
29 May 2018

Summary

Symantec Advanced Secure Gateway (ASG) and ProxySG products are susceptible to a significant vulnerability that allows an attacker to bypass user authentication controls. This flaw arises from improper handling of XML nodes with comments in SAML responses. By exploiting this weakness, a remote attacker can manipulate valid SAML responses without altering their cryptographic signatures. This can lead to unauthorized access for network users in intercepted proxy traffic. Importantly, this vulnerability does not impact authentication pathways for administrators accessing the management consoles of ASG and ProxySG.

Affected Version(s)

Advanced Secure Gateway (ASG) 6.6

Advanced Secure Gateway (ASG) 6.7

ProxySG 6.5

References

https://www.symantec.com/security-center/network-protecti...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040993
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104282
vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.