Lucene search

SymantecCVE-2016-9097

HistoryMay 11, 2017 - 2:30 p.m.

CVE-2016-9097

2017-05-1114:30:16

CWE-264

symantec

web.nvd.nist.gov

symantec

asg

proxysg

vulnerability

authorization

management console

nvd

cve-2016-9097

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:P/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.4%

JSON

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

Affected configurations

Nvd

Node

broadcomadvanced_secure_gatewayMatch6.6

broadcomadvanced_secure_gatewayMatch6.6.3

broadcomadvanced_secure_gatewayMatch6.6.4

broadcomadvanced_secure_gatewayMatch6.6.4.3

broadcomadvanced_secure_gatewayMatch6.6.5.1

Node

broadcomsymantec_proxysgMatch6.5

broadcomsymantec_proxysgMatch6.5.1

broadcomsymantec_proxysgMatch6.5.2

broadcomsymantec_proxysgMatch6.5.2.10

broadcomsymantec_proxysgMatch6.5.4.1

broadcomsymantec_proxysgMatch6.5.5.7

broadcomsymantec_proxysgMatch6.5.6.1

broadcomsymantec_proxysgMatch6.5.7.6

broadcomsymantec_proxysgMatch6.5.9.2

broadcomsymantec_proxysgMatch6.5.9.8

broadcomsymantec_proxysgMatch6.5.9.10

broadcomsymantec_proxysgMatch6.5.9.14

Node

broadcomsymantec_proxysgMatch6.6

broadcomsymantec_proxysgMatch6.6.2

broadcomsymantec_proxysgMatch6.6.2.1

broadcomsymantec_proxysgMatch6.6.2.2

broadcomsymantec_proxysgMatch6.6.3

broadcomsymantec_proxysgMatch6.6.3.2

broadcomsymantec_proxysgMatch6.6.4

broadcomsymantec_proxysgMatch6.6.4.1

broadcomsymantec_proxysgMatch6.6.4.3

broadcomsymantec_proxysgMatch6.6.5

Node

broadcomsymantec_proxysgMatch6.7

broadcomsymantec_proxysgMatch6.7.1.1

VendorProductVersionCPE
broadcomadvanced_secure_gateway6.6cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
broadcomadvanced_secure_gateway6.6.3cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*
broadcomadvanced_secure_gateway6.6.4cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*
broadcomadvanced_secure_gateway6.6.4.3cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*
broadcomadvanced_secure_gateway6.6.5.1cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*
broadcomsymantec_proxysg6.5cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*
broadcomsymantec_proxysg6.5.1cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*
broadcomsymantec_proxysg6.5.2cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*
broadcomsymantec_proxysg6.5.2.10cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*
broadcomsymantec_proxysg6.5.4.1cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	advanced_secure_gateway	6.6	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:::::::*
broadcom	advanced_secure_gateway	6.6.3	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:::::::*
broadcom	advanced_secure_gateway	6.6.4	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:::::::*
broadcom	advanced_secure_gateway	6.6.4.3	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:::::::*
broadcom	advanced_secure_gateway	6.6.5.1	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:::::::*
broadcom	symantec_proxysg	6.5	cpe:2.3:a:broadcom:symantec_proxysg:6.5:::::::*
broadcom	symantec_proxysg	6.5.1	cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:::::::*
broadcom	symantec_proxysg	6.5.2	cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:::::::*
broadcom	symantec_proxysg	6.5.2.10	cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:::::::*
broadcom	symantec_proxysg	6.5.4.1	cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:::::::*

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101530

www.securitytracker.com/id/1039701

www.symantec.com/security-center/network-protection-security-advisories/SA146

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:P/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.4%

JSON

Related for CVE-2016-9097