Symantec ProxySG 6.5 < 220.127.116.11 / 6.6 < 18.104.22.168 / 6.7 < 22.214.171.124 Multiple Vulnerabilities (SA162)
Medium Nessus Plugin ID 109035
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 126.96.36.199, 6.6.x prior to 188.8.131.52, or 6.7 prior to 184.108.40.206. It is, therefore, affected by multiple vulnerabilities:
- An unrestricted file upload vulnerability exists in the ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. (CVE-2016-10258)
- A denial-of-service (DoS) vulnerability exists in the ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause a denial of service through management console application crashes. (CVE-2017-13677)
Solution
Upgrade to Symantec ProxySG SGOS version 220.127.116.11 / 18.104.22.168 / 22.214.171.124 or later.