CVE-2013-1616

Published Aug 1, 2013

Last updated a month ago

CVSS info 8.3

Overview

Description: The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
Source: secure@symantec.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B2BB75F-9AB3-4A27-993C-BD2077F4F3A9",
            "versionEndIncluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F5B7857-75D5-4F77-81BF-7B55F743FD5F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4525DE38-3B1F-490C-A772-BA0456FB6126"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3956706B-44B9-40BC-9AAB-78A9583A2858"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E5B2ABA-234A-43B1-8D91-33255F85AA26"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6286A061-2426-48A5-BCA2-CAB90D3B7406"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A72858-FBDC-4587-AC69-0BFA99031F92"
          },
          {
            "criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9149CE42-E9F2-4778-8E79-3E1960F813D3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References