CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shut down/restart the appliance.
Affected Product(s)
CVE | Supported Version(s) | Remediation
---|---|---
CVE-2021-30648 | 6.6 | No longer under maintenance. Upgrade to 6.7.5.12
 | 6.7 | Upgrade to 6.7.5.12 (recommended) or 6.7.4.17
 | 7.2 | Upgrade to 7.2.7.2
 | 7.3 | Upgrade to 7.3.3.3

CVE | Supported Version(s) | Remediation
---|---|---
CVE-2021-30648 | 6.5 | No longer under maintenance. Upgrade to 6.7.5.12 (recommended). A fix is also available in 6.5.10.16.
 | 6.6 | No longer under maintenance. Upgrade to 6.7.5.12 (recommended). A fix is also available in 6.6.5.19.
 | 6.7 | Upgrade to 6.7.5.12 (recommended), 6.7.4.17, or 6.7.3.15
 | 7.2 | Upgrade to 7.2.7.2
 | 7.3 | Upgrade to 7.3.3.3
**Additional Product Information**
At the time of this advisory’s publication, Broadcom is not aware of any evidence that CVE-2021-30648 is actively exploited in the wild.
Successful exploitation of CVE-2021-30648 to modify appliance configuration/policy, shut down or restart the appliance results in Event Log messages logged on ASG and ProxySG. Event Log messages starting with "Config admin at <remote-IP-address> ‘unknown’ " are considered to be indicators of compromise (IOCs).
For example:
2021-01-01 17:42:27-00:00UTC “Config admin at <remote-IP-address> ‘unknown’, enabled NTP” 0 140002:7D
2021-01-01 18:00:42-00:00UTC “Config admin at <remote-IP-address> ‘unknown’, installed new Local Policy File” 0 140002:7D
2021-01-01 01:45:36-00:00UTC “Config admin at <remote-IP-address> ‘unknown’, initiated restart regular” 0 140002:7D
Exploiting this vulnerability to execute CLI commands that do not modify the appliance configuration/policy, shut down or restart the appliance may not result in logging the same Event Log messages.
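The IOC described above can be checked mechanically against an exported Event Log. The following is an added example, not code from Broadcom or from this advisory; it assumes log lines shaped like the three samples above, accepts straight or typographic quotes, and uses constructed sample lines with documentation IP addresses (including a constructed line for a named admin user).

```python
import re

# IOC from the advisory: message starts with
#   Config admin at <remote-IP-address> 'unknown'
# Quote style varies between exports (assumption), so both kinds are accepted.
IOC_RE = re.compile(
    r"""^(?P<ts>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\S*)\s+  # timestamp + zone
        ["\u201c]Config\ admin\ at\ (?P<src>\S+)\s+          # remote address
        ['\u2018]unknown['\u2019]\s*,?\s*                    # user is 'unknown'
        (?P<action>.*?)["\u201d]                             # what was changed
    """,
    re.VERBOSE,
)

def find_iocs(lines):
    """Return one record per Event Log line that matches the IOC prefix."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = IOC_RE.search(line.strip())
        if m:
            hits.append({"line": number, "time": m["ts"],
                         "source": m["src"], "action": m["action"]})
    return hits

def summarize(hits):
    """Group the logged actions by remote address for triage."""
    by_source = {}
    for hit in hits:
        by_source.setdefault(hit["source"], []).append(hit["action"])
    return by_source

# Constructed sample lines (not real log data); line 2 is a named admin user
# and must not match.
SAMPLE = [
    '2021-01-01 17:42:27-00:00UTC "Config admin at 192.0.2.10 \'unknown\', enabled NTP" 0 140002:7D',
    '2021-01-01 17:50:03-00:00UTC "Config admin at 192.0.2.20 \'admin\', enabled NTP" 0 140002:7D',
    '2021-01-01 18:00:42-00:00UTC \u201cConfig admin at 192.0.2.10 \u2018unknown\u2019, '
    'installed new Local Policy File\u201d 0 140002:7D',
    '2021-01-01 01:45:36-00:00UTC "Config admin at 198.51.100.7 \'unknown\', initiated restart regular" 0 140002:7D',
]

if __name__ == "__main__":
    for source, actions in summarize(find_iocs(SAMPLE)).items():
        print(f"{source}: {len(actions)} change(s) by 'unknown': {actions}")
```

An empty result does not clear an appliance: as noted above, CLI commands that do not modify configuration/policy or restart the appliance may not produce these messages.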
Issue Details
Severity / CVSS v3.1: | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2021-30648
Impact: | Security control bypass
Description: | An authentication bypass vulnerability in the ASG and ProxySG web management consoles allows a remote unauthenticated attacker to send crafted HTTP/HTTPS requests that bypass user authentication. The attacker can exploit this vulnerability to execute arbitrary CLI commands (through the web management console) in enable or configuration mode, view/modify the appliance configuration and policy, and shut down/restart the appliance.
Mitigation
CVE-2021-30648 is exploitable in ASG and ProxySG only if the attacker can send HTTP/HTTPS requests to the web management console. Customers can mitigate this vulnerability using existing network infrastructure, such as network partitioning and firewalls, to restrict access to the web management console to a trusted network.
CVE-2021-30648 is not exploitable to perform arbitrary code execution. ASG and ProxySG only provide a restricted CLI and not a general operating system shell. The CLI commands an attacker can execute are restricted to the commands provided by the CLI.
Revisions
2021-06-29 initial public release
CPE

Name | Operator | Version
---|---|---
advanced secure gateway (asg) | eq | 6
advanced secure gateway (asg) | eq | 6
advanced secure gateway (asg) | eq | 7
advanced secure gateway (asg) | eq | 7
proxysg | eq | 6
proxysg | eq | 6
proxysg | eq | 6
proxysg | eq | 7
proxysg | eq | 7