CVE-2016-2203

Опубликовано: 22 апр. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Средний

Описание

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

Ссылки

http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/86137
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035609
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00
Vendor Advisory
https://www.exploit-db.com/exploits/39715/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/86137
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035609
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00
Vendor Advisory
https://www.exploit-db.com/exploits/39715/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*

cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch5:*:*:*:*:*:*

cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch7:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.29571

Средний

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-w4px-29jm-36xf