Symantec Security Response | SMNTC-1408
Jul 05, 2017 - 8:00 a.m.

SA151: ImageMagick RCE Vulnerability (ImageTragick)

CVSS3: 8.4 High

Attack Vector | LOCAL
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

SUMMARY

Symantec Network Protection products using affected versions of ImageMagick are susceptible to the ImageTragick security vulnerability. A remote attacker can send crafted images and execute arbitrary code on the target.

AFFECTED PRODUCTS

The following products are vulnerable:

Security Analytics

CVE | Affected Version(s) | Remediation
All CVEs | 7.3 | Not vulnerable, fixed in 7.3.1
All CVEs | 7.2 | Not available at this time
All CVEs | 7.1 | Not available at this time

ADDITIONAL PRODUCT INFORMATION

Security Analytics is only vulnerable through intercepted network traffic.

The following products are not vulnerable:

Advanced Secure Gateway
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
Content Analysis
Director
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
Mail Threat Defense Malware Analysis
Management Center
Norman Shark Industrial Control System Protection
PacketShaper
PacketShaper S-Series
PolicyCenter
PolicyCenter S-Series
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG Reporter
SSL Visibility
Unified Agent
X-Series XOS

ISSUES

CVE-2016-3714

Severity / CVSSv2 | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
References | SecurityFocus: BID 89848 / NVD: CVE-2016-3714
Impact | Code execution
Description | An insufficient input validation flaw in multiple ImageMagick coders allows a remote attacker to send crafted images with injected OS shell commands. The attacker can execute arbitrary code on the target system with the privileges of the ImageMagick application.

MITIGATION

Symantec's ProxySG 6.6 and 6.7 web application firewall (WAF) solution can protect network servers against some ImageTragick attack vectors. The WAF Command Injection engine, when configured to scan HTTP requests, can block HTTP POST requests containing crafted images with injected OS commands.

REFERENCES

ImageTragick - <https://imagetragick.com/>

REVISION

2019-01-17 IntelligenceCenter and IntelligenceCenter Data Collector are not vulnerable. Advisory Status moved to Closed.
2017-07-05 initial public release
