Summary
This host is running Symantec Web Gateway and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to gain escalated privileges and conduct cross-site scripting and cross-site request forgery attacks and compromise a vulnerable system.
Solution
Upgrade to Symantec Web Gateway version 5.1.1 or later, For updates refer to http://www.symantec.com/business/web-gateway
Insight
Multiple flaws are due to,
- Unspecified errors related to the SWG console interface, login prompt of the SWG console and sudo configuration.
- Certain unspecified input is not properly sanitised before being returned to the user.
- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request.
Affected
Symantec Web Gateway versions prior to 5.1.1
Detection
Get the installed version Symantec Web Gateway with the help detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities