Detections
Analytics

Symantec Web Gateway Database < 5.0.0.1277 Multiple Vulnerabilities (SYM15-009) (credentialed check)

critical Nessus Plugin ID 86150

Language:

Synopsis

A web security application hosted on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway with a database component prior to version 5.0.0.1277. It is, therefore, affected by multiple vulnerabilities :

 - A flaw exists that allows the bypassing of access redirect restrictions. An authenticated, remote attacker can exploit this to inject commands with elevated privileges. (CVE-2015-5690)

 - A reflected cross-site scripting vulnerability exists in the management console due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary script in the user's browser session.
 (CVE-2015-5691)

 - A flaw exists in the admin_messages.php script due to improperly sanitizing user-uploaded files. An attacker can exploit this to execute arbitrary PHP code via a crafted file. (CVE-2015-5692)

 - A flaw exists related to Traffic Capture EoP due to the Hostname field in the administrator configuration facility not properly sanitizing user-supplied input before writing it to the '/etc/sysconfig/network' file, which is processed during startup and shutdown. An authenticated, remote attacker can exploit this, via a crafted hostname, to inject commands which are executed with root privileges. (CVE-2015-5693)

 - An unspecified flaw exists exists related to the Boot Time EoP. An authenticated, remote attacker can exploit this to inject arbitrary commands. (CVE-2015-5647)

 - A flaw exists in the edit_alert.php script due to not properly sanitizing user-supplied input to the 'alertid' and 'applianceid' GET parameters. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries, resulting in the disclosure of arbitrary data. (CVE-2015-6548)

Solution

Upgrade to Symantec Web Gateway Database to 5.0.0.1277 or later.

See Also

http://www.nessus.org/u?30cc4ace

https://www.zerodayinitiative.com/advisories/ZDI-15-443/

https://www.zerodayinitiative.com/advisories/ZDI-15-444/

Plugin Details

Severity: Critical

ID: 86150

File Name: symantec_web_gateway_sym1-009.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 9/25/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2015-5690

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:symantec:web_gateway

Required KB Items: installed_sw/symantec_web_gateway

Exploit Ease: No exploit is required

Patch Publication Date: 9/16/2015

Vulnerability Publication Date: 9/16/2015

Reference Information

CVE: CVE-2015-5690, CVE-2015-5691, CVE-2015-5692, CVE-2015-5693, CVE-2015-6547, CVE-2015-6548

BID: 76725, 76726, 76728, 76729, 76730, 76731