[email protected]NVD:CVE-2014-7285

HistoryDec 17, 2014 - 4:59 p.m.

CVE-2014-7285

2014-12-1716:59:00

CWE-77

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.468 Medium

EPSS

Percentile

97.5%

JSON

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Affected configurations

NVD

Node

symantecweb_gatewayRange≤5.2.1

References

karmainsecurity.com/KIS-2014-19

osvdb.org/show/osvdb/116009

packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html

www.exploit-db.com/exploits/36263

www.securityfocus.com/bid/71620

www.securitytracker.com/id/1031386

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.468 Medium

EPSS

Percentile

97.5%

JSON

Related for NVD:CVE-2014-7285

packetstorm2 zdt2 openvas2 symantec1 cve1 nessus1 securityvulns2 cvelist1 prion1 checkpoint_advisories1