CVE-2017-6326
critical
CVSS v3
10.0
CVSS v2
10.0
VIR risk
10.0
Description
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | messaging_gateway | {"endIncluding":"10.6.3"} | |
References
- http://www.securityfocus.com/bid/98893
- http://www.securitytracker.com/id/1038785
- https://www.exploit-db.com/exploits/42251/
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00
- http://www.securityfocus.com/bid/98893
- http://www.securitytracker.com/id/1038785
- https://www.exploit-db.com/exploits/42251/
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00
Verify integrity in audit chain (admin only). AS-IS.