5
CVSSv2

CVE-2012-2977

Published: 23/07/2012 Updated: 22/12/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The management console in Symantec Web Gateway 5.0.x prior to 5.0.3.18 allows remote malicious users to change arbitrary passwords via crafted input to an application script.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

symantec web gateway 5.0

symantec web gateway 5.0.1

symantec web gateway 5.0.2

symantec web gateway 5.0.3

Vendor Advisories

Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues   Successful exploitation could result in unauthorized command execution on or access to the management console and backend database ...

Exploits

#!/usr/bin/python import urllib import urllib2 import re import sys print "[*] ###########################################################" print "[*] Symantec Web Gateway <= 50318 Arbitrary Password Change" print "[*] @_Kc57" print "[*] ###########################################################\n" if (len(sysargv) != 4): print "Usage: ...
## # @_Kc57 # Symantec Web Gateway <= 50318 Arbitrary Password Change ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' => "Symantec Web Gateway <= 50318 Arbitrary Password Change", 'Description' => ...