CVE-2013-5017
critical
CVSS v3
9.8
CVSS v2
7.9
VIR risk
9.8
Description
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | web_gateway | {"endIncluding":"5.2"} | |
References
- http://www.securityfocus.com/bid/67752
- http://www.securitytracker.com/id/1030443
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
- http://www.securityfocus.com/bid/67752
- http://www.securitytracker.com/id/1030443
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Verify integrity in audit chain (admin only). AS-IS.