CVE-2018-18371
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
El modo WebFTP del proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. Una vulnerabilidad de divulgación de información en el modo WebFTP permite a un usuario malicioso obtener credenciales de aute de texto plano para un servidor FTP remoto desde un listado web del servidor FTP de ASG/ProxySG. Versiones afectadas: ASG versión 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6, y versiones 6.7 anteriores a 6.7.4.2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-15 CVE Reserved
- 2019-08-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://support.symantec.com/us/en/article.SYMSA1472.html | 2021-07-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | >= 6.7 < 6.7.4.2 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version " >= 6.7 < 6.7.4.2" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | 6.6 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version "6.6" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.5 < 6.5.10.15 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.5 < 6.5.10.15" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.7 < 6.7.4.2 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.7 < 6.7.4.2" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | 6.6 Search vendor "Broadcom" for product "Symantec Proxysg" and version "6.6" | - |
Affected
|