CVE-2018-18371

Name of the Vulnerable Software and Affected Versions ASG versions 6.6 and 6.7 prior to 6.7.4.2 ProxySG versions 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2

Description An information disclosure issue in the WebFTP mode of the ASG/ProxySG FTP proxy allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. This occurs when a user accesses an FTP server via a ftp:// URL in a web browser.

Recommendations For ASG versions 6.6 and 6.7 prior to 6.7.4.2, update to version 6.7.4.2 or later. For ProxySG version 6.5, update to version 6.5.10.15 or later. For ProxySG versions 6.6 and 6.7 prior to 6.7.4.2, update to version 6.7.4.2 or later.