Published: 23/07/2012 Updated: 22/12/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The management console in Symantec Web Gateway 5.0.x prior to allows local users to gain privileges by modifying files, related to a "file inclusion" issue.

Vulnerable Product

symantec web gateway 5.0

symantec web gateway 5.0.1

symantec web gateway 5.0.2

symantec web gateway 5.0.3

Vendor Advisories

Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues. Successful exploitation could result in unauthorized command execution on or access to the management console and backend database ...


#!/usr/bin/python
'''
The original patch for the Symantec Web Gateway 502 LFI vulnerability removed the /tmp/networkScript file but left the entry in /etc/sudoers, allowing us to simply recreate the file and obtain a root shell using a different LFI vulnerability
Timeline:
# 06 Jun 2012: Vulnerability reported to CERT
# 08 Jun 2012: Response ...