Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.9
CVSSv2

CVE-2015-5692

Published: 20/09/2015 Updated: 22/12/2016
CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5
VMScore: 703
Vector: AV:N/AC:M/Au:M/C:C/I:C/A:C
Subscribe to Symantec

Vulnerability Summary

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software prior to 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.

Vulnerable Product Search on Vulmon Subscribe to Product

symantec web gateway

References

CWE-264http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00http://www.zerodayinitiative.com/advisories/ZDI-15-443/http://www.securityfocus.com/bid/76726http://www.securitytracker.com/id/1033625https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook