Configuration files for Unified Agent running in local enforcement mode can be modified by administrators on the client. Configuration files can be modified to unblock categories or to disable Unified Agent entirely.
CVE | Affected Version(s) | Remediation |
---|---|---|
All CVEs | 4.7 and later | Not vulnerable, fixed in 4.7.1 |
All CVEs | 4.6 (only in local enforcement mode) | Upgrade to 4.6.2 |
All CVEs | All versions prior to 4.6 (only in local enforcement mode) | Upgrade to later release with fixes. |

Severity / CVSSv2 | Low / 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
References | SecurityFocus: BID 78068 / NVD: CVE-2015-8482
Impact | Unauthorized modification
Unified Agent in local enforcement mode receives policy and configuration from the Client Manager in ProxySG. Policy contains information such as the categories that will be blocked and configuration contains settings such as whether the Unified Agent is enabled. Policy and configuration settings are set by authorized ProxySG administrators.
Prior to Unified Agent 4.6.2, an administrator on the client could remove, add, or modify policy and configuration settings without those changes being detected (CVE-2015-8482). This capability could be exploited to unblock restricted content categories or even to disable the agent entirely. Malware acting as a user with administrative privileges could exploit this to enable connections to previously disallowed malicious sites.
Unified Agent 4.6.2 and later detects alterations of the policy and configuration settings and marks them as invalid. When an invalid policy or configuration is detected, Unified Agent will enter the customer-defined failure mode. To resume normal operations, the client must connect to the ProxySG Client Manager to obtain valid configuration settings. Please see the Release Notes for 4.6.2 for more information about configuring failure mode and tamper resistance.
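The detect-and-fail-closed behavior described above, sketched as an added example (not Unified Agent's code; the advisory does not describe the product's actual mechanism). The HMAC scheme, `MANAGER_KEY`, the field names and the `block_all` failure mode are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the manager authenticates settings with HMAC-SHA256. A key that a
# local administrator can read would defeat the check, so a real design keeps it
# out of the client's reach or verifies a manager signature instead.
MANAGER_KEY = b"constructed-demo-key"  # constructed sample value


def seal(settings: dict, key: bytes = MANAGER_KEY) -> dict:
    """Manager side: serialize settings canonically and attach a MAC."""
    body = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def load_settings(stored: dict, failure_mode: str, key: bytes = MANAGER_KEY) -> dict:
    """Client side: return verified settings, or the failure-mode state."""
    try:
        body, tag = stored["body"], stored["mac"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("MAC mismatch")
        return {"state": "normal", "settings": json.loads(body)}
    except (KeyError, TypeError, ValueError, AttributeError):
        # Removed, added, or modified fields all land here: discard the stored
        # settings and stay in failure mode until the manager re-issues them.
        return {"state": failure_mode, "settings": None, "needs_refetch": True}


# Constructed sample: settings as issued, then two local edits of the kind the
# advisory describes (unblocking a category, disabling the agent).
issued = seal({"enabled": True, "blocked_categories": ["malware", "phishing"]})
unblocked = dict(issued, body=issued["body"].replace('"malware",', ""))
disabled = dict(issued, body=issued["body"].replace("true", "false"))

if __name__ == "__main__":
    for name, stored in [("issued", issued), ("unblocked", unblocked), ("disabled", disabled)]:
        print(name, load_settings(stored, failure_mode="block_all")["state"])
```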
Reported by Nate Roberts with Wipfli LLP
2017-03-06 SA status moved to Final.
2015-11-24 initial public release
2015-12-14 This vulnerability has been reported in CVE-2015-8482.
CPE

Name | Operator | Version |
---|---|---|
unified agent | eq | 4 |
unified agent | eq | 4 |
unified agent | eq | 4 |