CVE-2014-7285

Опубликовано: 17 дек. 2014

Источник: nvd

CVSS2: 6.5

EPSS Высокий

Описание

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Ссылки

http://karmainsecurity.com/KIS-2014-19
http://osvdb.org/show/osvdb/116009
http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html
http://www.exploit-db.com/exploits/36263
http://www.securityfocus.com/bid/71620
http://www.securitytracker.com/id/1031386
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00
Vendor Advisory
http://karmainsecurity.com/KIS-2014-19
http://osvdb.org/show/osvdb/116009
http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html
http://www.exploit-db.com/exploits/36263
http://www.securityfocus.com/bid/71620
http://www.securitytracker.com/id/1031386
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Версия до 5.2.1 (включая)

EPSS

Процентиль: 99%

0.74024

Высокий

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-jrrc-8w3m-x99x

github

больше 3 лет назад