CVE-2013-5017

Опубликовано: 18 июн. 2014

Источник: nvd

CVSS3: 9.8

CVSS2: 7.9

EPSS Средний

Описание

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.

Комментарий

Per: http://cwe.mitre.org/data/definitions/77.html

"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

Ссылки

http://www.securityfocus.com/bid/67752
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030443
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Vendor Advisory
http://www.securityfocus.com/bid/67752
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030443
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

EPSS

Процентиль: 96%

0.2387

Средний

9.8 Critical

CVSS3

7.9 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j3f3-6rc8-9pf9