CVE-2016-10258

Published: Apr 11, 2018Modified: Nov 21, 2024

6.8

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Affected (5)

Products: Broadcom: Advanced Secure Gateway, Symantec Proxysg

2 products

Advanced Secure Gateway

Symantec Proxysg

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Broadcom Advanced Secure Gateway	From 6.6 to 6.6.5.14
Broadcom Advanced Secure Gateway	From 6.7 to 6.7.3.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Broadcom Symantec Proxysg	From 6.5 to 6.5.10.8
Broadcom Symantec Proxysg	From 6.6 to 6.6.5.14
Broadcom Symantec Proxysg	From 6.7 to 6.7.3.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://www.securityfocus.com/bid/103685

Source: secure@symantec.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040757

Source: secure@symantec.com

Third Party AdvisoryVDB Entry

https://www.symantec.com/security-center/network-protection-security-advisories/SA162

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/103685

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040757

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.symantec.com/security-center/network-protection-security-advisories/SA162

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.