Symantec has released an update to address a Symantec Web Gateway (SWG) Management Console Interface command injection issue bypassing validation restrictions to add an unauthorized whitelist entry.
Symantec Web Gateway (SWG)
|
|
CVE-2016-5313
|
Prior to 5.2.5
|
Upgrade to 5.2.5
CVE-2016-5313
Severity/CVSSv3:
|
Medium / 4.8 AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
Impact:
|
Securityfocus: BID 93284 / NVD: CVE-2016-5313
Security bypass
Description:
|
The Symantec Web Gateway Management Console allows some specially crafted entries to update the whitelist without validation. A lower-privileged but authorized management console user can bypass the whitelist validation using a specifically-modified script to create an unauthorized whitelist entry. This whitelist entry could potentially be leveraged in further malicious attempts against the network.
The Symantec Web Gateway management console interface should never be accessible external to the authorized network or by any users other than an authorized management console user
Best Practices
Symantec recommends the following measures to reduce risk of attack: