Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9097

Опубликовано: 11 мая 2017
Источник: nvd
CVSS3: 7.2
CVSS2: 8
EPSS Низкий

Описание

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01223
Низкий

7.2 High

CVSS3

8 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-qjw8-fqfp-g4fh

CVSS3: 7.2
github
больше 3 лет назад

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

EPSS

Процентиль: 79%
0.01223
Низкий

7.2 High

CVSS3

8 High

CVSS2

Дефекты

CWE-264