Symantec ProxySG 6.5 < 184.108.40.206 / 6.6 < 220.127.116.11 / 6.7 < 18.104.22.168 Multiple Vulnerabilities (SA162)
Medium Nessus Plugin ID 109035
Synopsis: The remote device is affected by multiple vulnerabilities.
Description: The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 22.214.171.124, 6.6.x prior to 126.96.36.199, or 6.7 prior to 188.8.131.52. It is, therefore, affected by multiple vulnerabilities:
- An unrestricted file upload vulnerability exists in the ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. (CVE-2016-10258)
- A denial-of-service (DoS) vulnerability exists in the ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause a denial of service through management console application crashes. (CVE-2017-13677)
Solution: Upgrade to Symantec ProxySG SGOS version 184.108.40.206 / 220.127.116.11 / 18.104.22.168 or later.