PT-2018-16832 · Symantec · Symantec Advanced Secure Gateway, ProxySG

Published 2018-05-29 · Updated 2021-07-08 · CVE-2018-5241

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7
ProxySG versions 6.5 through 6.7
Description

The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, the products incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature, potentially allowing the attacker to bypass user authentication security controls. This issue only affects authentication of network users in intercepted traffic and does not affect administrator user authentication for the management consoles.
Recommendations

For Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7 and ProxySG versions 6.5 through 6.7, consider disabling SAML authentication until a patch is available. As a temporary workaround, restrict access to the SAML authentication realm to minimize the risk of exploitation.
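The description above comes down to a SAML consumer reading an identity value from an element whose text is interrupted by an XML comment. The following is an added example, not code from the advisory or from Symantec: a consumer-side validation that refuses any assertion whose NameID or AttributeValue elements are not a single, comment-free text node. It assumes signature verification is done separately and that the assertion uses the SAML 2.0 assertion namespace; the sample assertions are constructed and carry no Signature element.

```python
"""Reject SAML identity values that contain comments or split text nodes.

Added example (not from the advisory or the vendor). Signature checking is
assumed to happen elsewhere; this only removes the comment-handling
ambiguity by requiring NameID/AttributeValue to hold one plain text node.
"""
from xml.dom import Node, minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CHECKED_TAGS = ("NameID", "AttributeValue")

# Constructed sample assertion (not real traffic; Signature element omitted).
CLEAN_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="group"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same constructed assertion with an XML comment spliced into the NameID text.
COMMENTED_ASSERTION = CLEAN_ASSERTION.replace(
    "alice@example.test", "alice<!-- constructed comment -->@example.test")


def single_text_value(elem):
    """Return the element's text if it is empty or one text node, else None."""
    kids = elem.childNodes
    if not kids:
        return ""
    if len(kids) == 1 and kids[0].nodeType == Node.TEXT_NODE:
        return kids[0].data
    return None  # comment, CDATA, child element, or text split by a comment


def check_identity_nodes(saml_xml):
    """Return (ok, findings); ok is False if any identity node is ambiguous."""
    doc = minidom.parseString(saml_xml)  # minidom keeps comment nodes in the tree
    findings = []
    for tag in CHECKED_TAGS:
        for elem in doc.getElementsByTagNameNS(SAML_NS, tag):
            if single_text_value(elem) is None:
                kinds = [k.nodeName for k in elem.childNodes]
                findings.append(f"{tag}: unexpected child nodes {kinds}")
    return (not findings, findings)
```

The check is deliberately strict: an AttributeValue carrying element content or a CDATA section is also rejected, so relax it only for attributes you know need structured values.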

Fix


Related Identifiers

CVE-2018-5241

Affected Products

ProxySG
Symantec Advanced Secure Gateway