CVE-2016-10258
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
Severity Score
6.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Vulnerabilidad de subida de archivos sin restricción en las consolas de gestión Symantec Advanced Secure Gateway (ASG) y ProxySG. Un administrador de aparatos malicioso puede subir archivos arbitrarios maliciosos a la consola de gestión y engañar a otro usuario administrador para que descargue y ejecute código malicioso.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-03-23 CVE Reserved
- 2018-04-11 CVE Published
- 2019-09-16 First Exploit
- 2024-01-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103685 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040757 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47392 | 2019-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | 2021-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | >= 6.6 < 6.6.5.14 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version " >= 6.6 < 6.6.5.14" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | >= 6.7 < 6.7.3.1 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version " >= 6.7 < 6.7.3.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.5 < 6.5.10.8 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.5 < 6.5.10.8" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.6 < 6.6.5.14 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.6 < 6.6.5.14" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.7 < 6.7.3.1 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.7 < 6.7.3.1" | - |
Affected
| ||||||