Symantec Security Response, SMNTC-16609
Dec 08, 2020 - 9:25 p.m.

Privilege Escalation and Information Disclosure Vulnerabilities in SMG


EPSS: 0.001 (Low), percentile 45.2%

Summary

Symantec Messaging Gateway (SMG) is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.

Affected Product(s)

Symantec Messaging Gateway (SMG)


| CVE | Supported Version(s) | Remediation |
|---|---|---|
| CVE-2020-12594, CVE-2020-12595 | 10.7 | Upgrade to 10.7.4. |

Issue Details

CVE-2020-12594

| Field | Value |
|---|---|
| Severity / CVSS v3.x: | High / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
| References: | NVD: CVE-2020-12594 |
| Impact: | Privilege escalation |
| Description: | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. |

CVE-2020-12595

| Field | Value |
|---|---|
| Severity / CVSS v3.x: | Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) |
| References: | NVD: CVE-2020-12595 |
| Impact: | Information disclosure |
| Description: | An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. |


Acknowledgements

Revisions

2020-12-08 initial public release

CPE

| Name | Operator | Version |
|---|---|---|
| symantec messaging gateway (smg) | eq | 1 |
