Published: 01/08/2013 Updated: 17/01/2014

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 4.1

VMScore: 641

Vector: AV:A/AC:L/Au:M/C:C/I:C/A:C

The management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec web_gateway 5.0
symantec web_gateway 5.0.1
symantec web_gateway 5.0.2
symantec web_gateway 5.0.3
symantec web_gateway 5.0.3.18
symantec web_gateway
symantec web_gateway_appliance_8450 -
symantec web_gateway_appliance_8490 -

Symantec Web Gateway versions 510* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities ...

CWE-264 http://www.securityfocus.com/bid/61104 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html http://osvdb.org/95695 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt https://nvd.nist.gov https://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-4672

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect