CVE-2015-5692

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.

CVSS v2.0 7.9 HIGH

7.9^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:M/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication MULTIPLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/76726
http://www.securitytracker.com/id/1033625
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-443/

Configurations

Configuration 1 (hide)

cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-09-20 20:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-5692

Mitre link : CVE-2015-5692

CVE.ORG link : CVE-2015-5692

JSON object : View

Products Affected

symantec

web_gateway

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-5692", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:M/C:C/I:C/A:C", "authentication": "MULTIPLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-20T20:59:07.353", "references": [{"url": "http://www.securityfocus.com/bid/76726", "source": "secure@symantec.com"}, {"url": "http://www.securitytracker.com/id/1033625", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-443/", "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file."}, {"lang": "es", "value": "Vulnerabilidad en admin_messages.php en la consola de gesti\u00f3n en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario subiendo un archivo con una extensi\u00f3n segura y tipo de contenido, aprovechando entonces una configuraci\u00f3n de Sudo incorrecta para hacer de esto un archivo setuid-root."}], "lastModified": "2016-12-22T03:00:05.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C107AC-7C64-4630-A7C5-2A3275853166", "versionEndIncluding": "5.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}