The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
References
Link | Resource |
---|---|
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 | Vendor Advisory |
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
21 Nov 2024, 06:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 - Vendor Advisory |
06 Jul 2021, 15:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-40:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-20:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-30:-:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_500-10:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-30:-:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s500-20:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-40:-:*:*:*:*:*:*:* |
|
CWE | CWE-287 | |
References | (MISC) https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 9.8 |
30 Jun 2021, 11:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-30 11:15
Updated : 2024-11-21 06:04
NVD link : CVE-2021-30648
Mitre link : CVE-2021-30648
CVE.ORG link : CVE-2021-30648
JSON object : View
Products Affected
broadcom
- symantec_advanced_secure_gateway_s200-40
- symantec_advanced_secure_gateway_s500-20
- symantec_advanced_secure_gateway_500-10_firmware
- symantec_advanced_secure_gateway_s400-40_firmware
- symantec_advanced_secure_gateway_s200-30
- symantec_advanced_secure_gateway_s400-20_firmware
- symantec_advanced_secure_gateway_s500-20_firmware
- symantec_advanced_secure_gateway_s200-40_firmware
- symantec_advanced_secure_gateway_s400-20
- symantec_advanced_secure_gateway_s400-30_firmware
- symantec_advanced_secure_gateway_s400-30
- symantec_proxysg
- symantec_advanced_secure_gateway_s200-30_firmware
- symantec_advanced_secure_gateway_500-10
- symantec_advanced_secure_gateway_s400-40
CWE
CWE-287
Improper Authentication