10
CVSSv2

CVE-2012-2953

Published: 23/07/2012 Updated: 22/12/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The management console in Symantec Web Gateway 5.0.x prior to 5.0.3.18 allows remote malicious users to execute arbitrary commands via crafted input to application scripts.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

symantec web gateway 5.0

symantec web gateway 5.0.1

symantec web gateway 5.0.2

symantec web gateway 5.0.3

Vendor Advisories

Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues   Successful exploitation could result in unauthorized command execution on or access to the management console and backend database ...

Exploits

#!/usr/bin/python import urllib import sys ''' print "[*] ##############################################################" print "[*] Symantec Web Gateway 50318 pbcontrolphp ROOT RCE Exploit" print "[*] Offensive Security - wwwoffensive-securitycom" print "[*] ##############################################################\n" # 06 Jun ...
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking ...

Metasploit Modules

Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection

This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

msf > use exploit/linux/http/symantec_web_gateway_pbcontrol
      msf exploit(symantec_web_gateway_pbcontrol) > show targets
            ...targets...
      msf exploit(symantec_web_gateway_pbcontrol) > set TARGET <target-id>
      msf exploit(symantec_web_gateway_pbcontrol) > show options
            ...show and set options...
      msf exploit(symantec_web_gateway_pbcontrol) > exploit

Github Repositories

https://github.com/sailay1996/offsec_WE

offsec_WE my learning case to prepare OSWE exam work in progress Atmail Mail Server Appliance Case Study (CVE-2012-2593) X-Cart Shopping Cart Case Study (CVE-2012-2570) SolarWinds Orion Case Study - (CVE-2012-2577) DELL SonicWall Scrutinizer Case Study - (CVE-2012-XXXX) SolarWinds Storage Manager 510 - (CVE-2012-2576) WhatsUp Gold 1502 Case Study - (CVE-2012-2589)

learning case to prepare OSWE

offsec_WE my learning case to prepare OSWE exam work in progress Atmail Mail Server Appliance Case Study (CVE-2012-2593) X-Cart Shopping Cart Case Study (CVE-2012-2570) SolarWinds Orion Case Study - (CVE-2012-2577) DELL SonicWall Scrutinizer Case Study - (CVE-2012-XXXX) SolarWinds Storage Manager 510 - (CVE-2012-2576) WhatsUp Gold 1502 Case Study - (CVE-2012-2589)