Vulnerability Note VU#108471
Symantec Web Gateway contains multiple vulnerabilities
The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection.
The Symantec SYM12-011 advisory states:
"Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues. Successful exploitation could result in unauthorized command execution on or access to the management console and backend database."
Additional details may be found in the full Symantec SYM12-011 advisory.
A remote unauthenticated attacker may be able to run unauthorized commands and access the backend database.
Apply an Update
To confirm customers are running the latest updates they should check the "Current Software Version -> Current Version" on the Administration->Updates page. Alternatively, customers can click the "Check for Updates" button on the Administration->Updates page to verify that they are running the latest software version."
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Symantec||Affected||25 Jun 2012||24 Jul 2012|
CVSS Metrics (Learn More)
Thanks to Offensive Security and Tenable Network Security for reporting these vulnerabilities.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2953 CVE-2012-2957 CVE-2012-2574 CVE-2012-2961 CVE-2012-2976 CVE-2012-2977
- Date Public: 20 Jul 2012
- Date First Published: 24 Jul 2012
- Date Last Updated: 24 Jul 2012
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.