Symantec ProxySG 6.5 < / 6.6 < / 6.7.3 < / 6.7.4 < Multiple Vulnerabilities (SA162)

Medium Nessus Plugin ID 109035


The remote device is affected by multiple vulnerabilities.


The self-reported SGOS version installed on the remote Symante ProxySG device is 6.5.x prior to, 6.6.x prior to, 6.7.3.x prior to, or 6.7.4.x prior to It is, therefore, affected by multiple vulnerabilities:

- An unrestricted file upload vulnerability exists in the ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. (CVE-2016-10258)

- A denial-of-service (DoS) vulnerability in the ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.

- A stored XSS vulnerability exists the ASG and ProxySG management consoles in that a malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.


Upgrade to Symantec ProxySG SGOS version / / / or later.

See Also

Plugin Details

Severity: Medium

ID: 109035

File Name: symantec_proxy_sg_SA162.nasl

Version: 1.7

Type: local

Family: Firewalls

Published: 2018/04/13

Updated: 2020/01/07

Dependencies: 68992

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2016-10258

CVSS v2.0

Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/h:symantec:proxysg

Required KB Items: Host/BlueCoat/ProxySG/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/04/10

Vulnerability Publication Date: 2018/04/10

Reference Information

CVE: CVE-2016-10258, CVE-2017-13677, CVE-2017-13678

BID: 103685