VPR Score: 3.6
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 126.96.36.199 or 6.6.x prior to 188.8.131.52. It is, therefore, affected by the following vulnerabilities:
- A cross-site scripting (XSS) vulnerability in ProxySG FTP proxy WebFTP mode.
- An information disclosure vulnerability exists in ProxySG FTP proxy WebFTP mode. An authenticated, remote attacker can exploit this, via intercepting FTP connections where a user accesses an FTP server, to obtain plaintext authentication credentials. (CVE-2018-18371)
Solution
Upgrade to Symantec ProxySG SGOS version 184.108.40.206, 220.127.116.11 or later.