Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 22.214.171.124 or 6.6.x prior to 126.96.36.199. It is, therefore, affected by the following vulnerabilities:
- A cross-site scripting (XSS) vulnerability in ProxySG FTP proxy WebFTP mode.
- An information disclosure vulnerability exists in ProxySG FTP proxy WebFTP mode. An authenticated, remote attacker can exploit this, via intercepting FTP connections where a user accesses an FTP server, to obtain plaintext authentication credentials. (CVE-2018-18371)
Solution
Upgrade to Symantec ProxySG SGOS version 188.8.131.52, 184.108.40.206 or later.