Detections
Analytics

Symantec Messaging Gateway 10.x < 10.6.1 Management Console Multiple Vulnerabilities (SYM16-005)

high Nessus Plugin ID 90919

Language:

Synopsis

A messaging security application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.1. It is, therefore, affected by multiple vulnerabilities :

 - A privilege escalation vulnerability exists in the SMG management console due to AD password information being insecurely stored and encrypted. A local attacker who has read-level access can exploit this, by reverse engineering the encrypted AD password, to gain unauthorized, elevated access to additional resources on the network. Note that recovery of this password would not provide any additional access to the SMG appliance itself. (CVE-2016-2203)

 - A privilege escalation vulnerability exists due to an unspecified flaw in the SMG management console. A local attacker can exploit this, by manipulating code input to the terminal window, to gain access to the privileged root shell of the console. (CVE-2016-2204)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Symantec Messaging Gateway version 10.6.1 or later.

See Also

http://www.nessus.org/u?9adaf9d7

Plugin Details

Severity: High

ID: 90919

File Name: symantec_messaging_gateway_sym16-005.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 5/5/2016

Updated: 11/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2016-2204

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:messaging_gateway

Required KB Items: www/sym_msg_gateway

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 4/18/2014

Vulnerability Publication Date: 4/18/2016

Reference Information

CVE: CVE-2016-2203, CVE-2016-2204

BID: 86137, 86138