PT-2017-9951 · Symantec · Symantec Advanced Secure Gateway+1
Published
2017-05-11
·
Updated
2021-07-08
·
CVE-2016-9097
CVSS v2.0
8.0
High
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Advanced Secure Gateway (ASG) versions 6.6 prior to 6.6.5.8
ProxySG versions 6.5 prior to 6.5.10.6
ProxySG versions 6.6 prior to 6.6.5.8
ProxySG versions 6.7 prior to 6.7.1.2
Description
The management consoles of the affected software do not correctly authorize administrator users under certain circumstances. A malicious administrator with read-only access can exploit this issue to access management console functionality that requires read-write access privileges.
Recommendations
For Symantec Advanced Secure Gateway (ASG) version 6.6, update to version 6.6.5.8 or later.
For ProxySG version 6.5, update to version 6.5.10.6 or later.
For ProxySG version 6.6, update to version 6.6.5.8 or later.
For ProxySG version 6.7, update to version 6.7.1.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proxysg
Symantec Advanced Secure Gateway