CVE-2016-5313
high
CVSS v3
8.8
CVSS v2
9.0
VIR risk
8.8
Description
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | web_gateway | {"endIncluding":"5.2.2"} | |
References
- http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html
- http://seclists.org/fulldisclosure/2016/Oct/24
- http://www.securityfocus.com/bid/93284
- http://www.securitytracker.com/id/1036973
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
- http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html
- http://seclists.org/fulldisclosure/2016/Oct/24
- http://www.securityfocus.com/bid/93284
- http://www.securitytracker.com/id/1036973
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
CWEs
CWE-78
Verify integrity in audit chain (admin only). AS-IS.