The Symantec Content Analysis (CA) and Mail Threat Defense (MTD) management consoles are susceptible to a cross-site request forgery (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user.
Content Analysis (CA):

CVE | Affected Version(s) | Remediation
---|---|---
All CVEs | 2.2 and later | Not vulnerable, full fix available in 2.2.1.1.
All CVEs | 2.1 | Partial fix available in 2.1.1.1.
All CVEs | 1.3 | Partial fix available in 1.3.7.3.

Mail Threat Defense (MTD):

CVE | Affected Version(s) | Remediation
---|---|---
All CVEs | 1.1 | Upgrade to CA 2.2 (or later) and SMG 10.6.3 (or later)
Only the CA management console is affected. In CA 1.3.7.3 and 2.1.1.1, the management console web browser client application opts in to CSRF protection, so requests from clients that do not opt in are still accepted. The full fix in CA 2.2 requires CSRF protection for all CA management console clients.
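The difference between the partial and the full fix is where the check is enforced. The following added example is not Symantec's code; it is a hypothetical server-side CSRF guard for a management console with two modes: "optin" (a request that presents no token is not checked, modelling the partial fix) and "enforce" (every state-changing request must carry a valid token, modelling the full fix). The request shape, header name and secret are constructed for the example.

```python
import hashlib
import hmac

# Methods that must not change state and therefore need no CSRF token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Hypothetical header the console's browser client sends with its requests.
TOKEN_HEADER = "X-CSRF-Token"


def issue_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session token (synchronizer token pattern).

    The token is bound to the session, so a forged cross-site request, which
    carries the victim's cookie but not the token, cannot reproduce it.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(request: dict, session_id: str, secret: bytes, mode: str) -> bool:
    """Return True if the request may proceed to the console handler.

    request: constructed shape {"method": str, "headers": {name: value}}
    mode: "optin" (partial fix) or "enforce" (full fix)
    """
    if mode not in ("optin", "enforce"):
        raise ValueError("mode must be 'optin' or 'enforce'")
    if request["method"].upper() in SAFE_METHODS:
        return True
    presented = request["headers"].get(TOKEN_HEADER)
    if presented is None:
        # Under opt-in the server cannot tell a legacy client that never
        # opted in from a forged cross-site form post, so it serves both.
        # Under enforcement a missing token is simply rejected.
        return mode == "optin"
    expected = issue_token(session_id, secret)
    return hmac.compare_digest(presented, expected)


def simulate(secret: bytes = b"constructed-secret", session_id: str = "admin-session") -> dict:
    """Run a forged and a legitimate request through both modes."""
    forged = {"method": "POST", "headers": {"Cookie": "session=admin-session"}}
    legit = {"method": "POST", "headers": {TOKEN_HEADER: issue_token(session_id, secret)}}
    return {
        "forged_optin": csrf_check(forged, session_id, secret, "optin"),
        "forged_enforce": csrf_check(forged, session_id, secret, "enforce"),
        "legit_enforce": csrf_check(legit, session_id, secret, "enforce"),
    }
```

Only the enforce mode rejects the token-less forged request; a browser-side opt-in leaves the gap open for any client that does not participate.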
MTD has been obsoleted by CA and the Symantec Messaging Gateway (SMG). Symantec recommends that MTD customers transition to CA 2.2 (or above) and SMG 10.6.3 (or above) to get the latest functionality and vulnerability fixes.
CVE-2016-9092 |
---|---
Severity / CVSSv2 | High / 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
References | NVD: CVE-2016-9092
Impact | Cross-site request forgery (CSRF)
Description | A remote, unauthenticated attacker can target an authenticated administrator user with phishing or other social engineering techniques, and trick them into clicking on a malicious link or visiting a malicious site. This allows the attacker to access the management console with the privileges of the authenticated user.
Thanks to Peter Paccione, Chris Hebert, and Corey Boyd for reporting this vulnerability.
2018-05-17 initial public release
CPE Name | Operator | Version
---|---|---
content analysis (ca) | eq | 2
content analysis (ca) | eq | 2
content analysis (ca) | eq | 1
mail threat defense (mtd) | eq | 1