CVE-2015-5692
Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.
Vulnerabilidad en admin_messages.php en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar código arbitrario subiendo un archivo con una extensión segura y tipo de contenido, aprovechando entonces una configuración de Sudo incorrecta para hacer de esto un archivo setuid-root.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting.
The specific flaw exists within the admin_messages.php file which relies on mimetypes and file extensions to block potentially dangerous file uploads. An attacker can exploit this condition to upload arbitrary files as the apache user. Due to loose sudo restrictions, an attacker can add the setuid attribute and execute arbitrary code under the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-28 CVE Reserved
- 2015-09-16 CVE Published
- 2023-09-15 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/76726 | Vdb Entry | |
http://www.securitytracker.com/id/1033625 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-15-443 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | <= 5.2.2 Search vendor "Symantec" for product "Web Gateway" and version " <= 5.2.2" | - |
Affected
|