Summary
Symantec Web Gateway is prone to a command-injection vulnerability.
Impact
Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands in the context of the affected appliance.
Solution
Update to 5.2.2 or higher.
Insight
Symantec was notified of an OS command injection vulnerability in a PHP script which impacts the SWG management console. The results of successful exploitation could potentially range from unauthorized disclosure of sensitive data to possible unauthorized access to the Symantec Web Gateway Appliance.
Affected
Versions prior to Symantec Web Gateway 5.2.2 are vulnerable.
Detection
Check the version
References
Severity
Classification
- CVE: CVE-2014-7285
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities