CVE-2014-7285

high

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

References

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00

http://www.securitytracker.com/id/1031386

http://www.securityfocus.com/bid/71620

http://www.exploit-db.com/exploits/36263

http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html

http://osvdb.org/show/osvdb/116009

http://karmainsecurity.com/KIS-2014-19

Details

Source: Mitre, NVD

Published: 2014-12-17

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.70626

Detections

Analytics