Symantec ProxySG 6.5 < 18.104.22.168 / 6.6 < 22.214.171.124 / 6.7 < 126.96.36.199 Multiple Vulnerabilities (SA162)
Medium Nessus Plugin ID 109035
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 188.8.131.52, 6.6.x prior to 184.108.40.206, or 6.7 prior to 220.127.116.11. It is, therefore, affected by multiple vulnerabilities:
- An unrestricted file upload vulnerability exists in the ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. (CVE-2016-10258)
- A denial-of-service (DoS) vulnerability exists in the ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause a denial of service through management console application crashes. (CVE-2017-13677)
Solution
Upgrade to Symantec ProxySG SGOS version 18.104.22.168 / 22.214.171.124 / 126.96.36.199 or later.