PT-2019-9587 · Symantec · Asg+1
Published
2019-08-29
·
Updated
2021-07-08
·
CVE-2018-18371
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ASG versions 6.6 and 6.7 prior to 6.7.4.2
ProxySG versions 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2
Description
An information disclosure issue in the WebFTP mode of the ASG/ProxySG FTP proxy allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. This occurs when a user accesses an FTP server via a ftp:// URL in a web browser.
Recommendations
For ASG versions 6.6 and 6.7 prior to 6.7.4.2, update to version 6.7.4.2 or later.
For ProxySG version 6.5, update to version 6.5.10.15 or later.
For ProxySG versions 6.6 and 6.7 prior to 6.7.4.2, update to version 6.7.4.2 or later.
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asg
Proxysg