Summary
Symantec Web Gateway is prone to a command-injection vulnerability.
Impact
Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands in the context of the affected appliance.
Solution
Update to 5.2.2 or higher.
Insight
Symantec was notified of an OS command injection vulnerability in a PHP script that impacts the SWG management console. The results of successful exploitation could potentially range from unauthorized disclosure of sensitive data to possible unauthorized access to the Symantec Web Gateway Appliance.
Affected
Versions prior to Symantec Web Gateway 5.2.2 are vulnerable.
Detection
Check the version
References
Severity
Classification
- CVE: CVE-2014-7285
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities