PT-2017-9954 · Symantec · Symantec Advanced Secure Gateway+1
Published
2017-05-11
·
Updated
2021-07-08
·
CVE-2016-9100
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symantec Advanced Secure Gateway (ASG) versions 6.6 prior to 6.6.5.13
Symantec Advanced Secure Gateway (ASG) versions 6.7 prior to 6.7.3.1
ProxySG versions 6.5 prior to 6.5.10.6
ProxySG versions 6.6 prior to 6.6.5.13
ProxySG versions 6.7 prior to 6.7.3.1
Description
The issue allows an attacker with local access to the client host of an authenticated administrator user to obtain sensitive authentication credential information under certain circumstances.
Recommendations
For Symantec Advanced Secure Gateway (ASG) versions 6.6 prior to 6.6.5.13, update to version 6.6.5.13 or later.
For Symantec Advanced Secure Gateway (ASG) versions 6.7 prior to 6.7.3.1, update to version 6.7.3.1 or later.
For ProxySG versions 6.5 prior to 6.5.10.6, update to version 6.5.10.6 or later.
For ProxySG versions 6.6 prior to 6.6.5.13, update to version 6.6.5.13 or later.
For ProxySG versions 6.7 prior to 6.7.3.1, update to version 6.7.3.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proxysg
Symantec Advanced Secure Gateway