CVE-2012-0297

Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

La interfaz de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3 no restringe adecuadamente el acceso a los scripts de aplicaciones, lo que permite a atacantes remotos ejecutar código de su elección mediante (1) inyección de datos manipulados o (2) inclusión de datos manipulados.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.

Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.

*Credits: Tenable Network Security

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-01-04 CVE Reserved
2012-05-21 CVE Published
2012-05-26 First Exploit
2024-08-06 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (7)

URL	Tag	Source
http://www.securityfocus.com/bid/53444	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75731	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/18942	2012-05-28
https://www.exploit-db.com/exploits/19406	2012-06-27
https://www.exploit-db.com/exploits/18932	2012-05-26
https://www.exploit-db.com/exploits/19065	2012-06-12

URL	Date	SRC

URL	Date	SRC
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00	2012-05-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Web Gateway Search vendor "Symantec" for product "Web Gateway"				5.0 Search vendor "Symantec" for product "Web Gateway" and version "5.0"		-		Affected
Symantec Search vendor "Symantec"		Web Gateway Search vendor "Symantec" for product "Web Gateway"				5.0.1 Search vendor "Symantec" for product "Web Gateway" and version "5.0.1"		-		Affected
Symantec Search vendor "Symantec"		Web Gateway Search vendor "Symantec" for product "Web Gateway"				5.0.2 Search vendor "Symantec" for product "Web Gateway" and version "5.0.2"		-		Affected