Symantec Security Response SMNTC-1429

SA158: Improper Restriction of Excessive Authentication Attempts in Reporter

Published: 2018-01-23 08:00:00
Symantec Security Response

EPSS: 0.004 (Low), percentile 74.0%

SUMMARY

Symantec Reporter does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

AFFECTED PRODUCTS

Reporter

CVE | Affected Version(s) | Remediation
CVE-2017-15531 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
CVE-2017-15531 | 10.1 | Upgrade to 10.1.5.5.
CVE-2017-15531 | 9.5 | Upgrade to 9.5.4.1.

ADDITIONAL PRODUCT INFORMATION

Symantec Reporter provides reporting capabilities for the Symantec ProxySG appliance, Secure Web Gateway (SWG) solution, and the Web Security Services (WSS). Reporter provides authentication and role-based access control for:

  • administrator users: can manage Reporter’s configuration and access all reporting information stored on it.
  • standard users: can only access the reporting information determined by their user roles and the reporting fields that those roles are authorized to access.

This vulnerability can be exploited only through the Reporter management interface. Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface. Deploying the appliance outside a secure network, or leaving management interface access unrestricted, increases the risk that the vulnerability is exploited.

ISSUES

CVE-2017-15531

Severity / CVSSv2 | High / 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C)
References | SecurityFocus: BID 102751 / NVD: CVE-2017-15531
Impact | Unauthorized access
Description | Reporter does not restrict excessive authentication attempts for administrator and standard users, making it susceptible to a brute force password guessing attack. A remote attacker, with access to the management interface, can use brute force search to guess a user password and gain access to Reporter and the reporting information that the user is authorized to access. Reporter logs all successful and unsuccessful authentication attempts in the system event log.

MITIGATION

Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface.
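The following is an added illustration, not Symantec code and not Reporter's real implementation. It shows the two defender-side pieces that the issue and mitigation sections above imply: first, the server-side control whose absence is the weakness (a per-account sliding window of failed logins with a temporary lockout); second, a detection pass over authentication events of the kind the advisory says Reporter writes to its system event log, flagging a burst of failures and whether a success followed it. The log line format, account names, addresses and credentials below are all constructed for the example; Reporter's actual event-log format is not documented on this page and is not assumed here.

```python
import hmac
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AuthThrottle:
    """Per-account failed-login tracking with lockout (the control that
    the affected Reporter versions lacked). Thresholds are illustrative."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = timedelta(seconds=window_seconds)
        self.lockout = timedelta(seconds=lockout_seconds)
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> datetime

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        return until is not None and now < until

    def record_failure(self, account, now):
        """Record a failure; return True if it pushes the account into lockout."""
        q = self._failures[account]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, account):
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


def login(throttle, users, account, password, now):
    """Return 'locked', 'ok' or 'denied'. Unknown accounts are throttled the
    same way as known ones so the response does not reveal which exist."""
    if throttle.is_locked(account, now):
        return "locked"
    stored = users.get(account, "")
    if stored and hmac.compare_digest(stored, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


# Constructed sample event log (hypothetical format, not Reporter's own).
LOG_LINES = [
    "2018-01-23T08:00:01Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:03Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:05Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:07Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:09Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:11Z auth FAILURE user=admin src=10.0.0.7",
    "2018-01-23T08:00:13Z auth SUCCESS user=admin src=10.0.0.7",
    "2018-01-23T08:05:00Z auth FAILURE user=alice src=10.0.0.9",
    "2018-01-23T08:05:30Z auth SUCCESS user=alice src=10.0.0.9",
    "2018-01-23T08:06:00Z system service restarted",   # unrelated line, skipped
]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {(user, src): success_followed} for every pair that produced at
    least `threshold` failures inside `window_seconds`. A True value means a
    successful login followed the burst, i.e. the guess likely succeeded."""
    events = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events[(m["user"], m["src"])].append((ts, m["result"]))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        window, burst, success_after = deque(), False, False
        for ts, result in evs:
            if result == "FAILURE":
                window.append(ts)
                while ts - window[0] > timedelta(seconds=window_seconds):
                    window.popleft()
                if len(window) >= threshold:
                    burst = True
            elif burst:
                success_after = True
        if burst:
            alerts[key] = success_after
    return alerts


def demo_throttle():
    """Drive the throttle with constructed attempts; return the outcomes."""
    users = {"admin": "constructed-password"}   # constructed credential store
    th = AuthThrottle()
    t0 = datetime(2018, 1, 23, 8, 0, 0)
    outcomes = [login(th, users, "admin", "wrong", t0 + timedelta(seconds=i)) for i in range(6)]
    outcomes.append(login(th, users, "admin", "constructed-password", t0 + timedelta(seconds=6)))
    outcomes.append(login(th, users, "admin", "constructed-password", t0 + timedelta(minutes=16)))
    return outcomes


if __name__ == "__main__":
    print(demo_throttle())
    print(detect_bruteforce(LOG_LINES))
```

In the throttle, the fifth failure inside the window locks the account, and the correct password is refused until the lockout expires, which is the behaviour the affected versions did not provide. The detector is the complementary control for deployments that cannot patch immediately: because Reporter records both successful and unsuccessful attempts, a burst of failures followed by a success for the same account and source is the signal worth alerting on.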

ACKNOWLEDGEMENTS

Symantec would like to thank Dhiraj Mishra (@mishradhiraj_) for reporting this vulnerability.

REVISION

2018-04-12 A fix for Reporter 10.1 is available in 10.1.5.5.
2018-01-23 Initial public release.
