Symantec has addressed a directory traversal issue in Symantec Messaging Gateway caused by insufficient sanitization of user-supplied input. This issue could allow unauthorized access to files or directories.
| Product | CVE | Affected Version(s) | Solution |
|---|---|---|---|
| Symantec Messaging Gateway (SMG) | CVE-2016-5312 | Prior to 10.6.2 | Upgrade to 10.6.2 |
CVE-2016-5312
Severity/CVSSv3: Medium / 4.1 AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
References: Securityfocus: BID 93148 / NVD: CVE-2016-5312
Impact: Directory traversal
Description:
A charting component in the Symantec Messaging Gateway control center does not properly sanitize user input submitted for charting requests. This could potentially result in an authorized but less privileged user gaining access to paths outside the authorized directory. This could potentially provide read access to some files/directories on the server for which the user is not authorized.
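The class of check whose absence the description points to, as an added example (not Symantec's code and not taken from the advisory): a file name from a request is canonicalized and then confirmed to lie inside the permitted directory. The function name, directory layout and sample requests are hypothetical and constructed for illustration.

```python
import os
import tempfile

class PathEscapeError(ValueError):
    """The requested file resolves outside the permitted base directory."""

def resolve_under(base_dir: str, requested: str) -> str:
    """Return the canonical path of `requested` inside `base_dir`, or raise."""
    if "\x00" in requested:
        raise PathEscapeError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # join() drops `base` when `requested` is absolute, and realpath()
    # collapses ".." and follows symlinks, so the check below is made on
    # the final location rather than on the raw input string.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath() compares whole path components, so a sibling such as
    # "charts_old" is not mistaken for a child of "charts" the way a
    # plain startswith() prefix test would allow.
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscapeError(f"{requested!r} resolves outside {base!r}")
    return candidate

def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        charts = os.path.join(root, "charts")          # permitted directory
        os.makedirs(os.path.join(charts, "daily"))
        os.makedirs(os.path.join(root, "charts_old"))  # sibling sharing the prefix
        for rel in ("charts/daily/spam.png", "charts_old/x.png", "secret.conf"):
            open(os.path.join(root, rel), "w").close()
        os.symlink(root, os.path.join(charts, "link"))  # symlink leading out
        requests = ["daily/spam.png", "daily/../daily/spam.png",
                    "../secret.conf", "../charts_old/x.png",
                    "/etc/hostname", "link/secret.conf"]
        for name in requests:
            try:
                resolve_under(charts, name)
                results[name] = "allowed"
            except PathEscapeError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```
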
The listening port for Symantec Messaging Gateway Control Center should not be accessible outside of the authorized network. Restrict access to the Symantec Messaging Gateway Center to network-authorized, control center privileged users only.
Best Practices
Symantec recommends the following measures to reduce risk of attack:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | symantec messaging gateway (smg) | eq | 1 |