Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 22.214.171.124, 6.6.x prior to 126.96.36.199, 6.7.3.x prior to 188.8.131.52, or 6.7.4.x prior to 184.108.40.206. It is, therefore, affected by multiple vulnerabilities:
- An unrestricted file upload vulnerability exists in the ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. (CVE-2016-10258)
- A denial-of-service (DoS) vulnerability exists in the ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause a denial of service through management console application crashes.
Solution
Upgrade to Symantec ProxySG SGOS version 220.127.116.11 / 18.104.22.168 / 22.214.171.124 / 126.96.36.199 or later.