Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0297

CWE-264 | 8 documents | 5 sources
Severity: 10.0 CRITICAL
EPSS: 89.5% (top 0.45%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 21
Latest update: May 4

Description

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C | Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD | symantec/web_gateway | 5.0, 5.0.1, 5.0.2 (+2)

🔴 Vulnerability Details (3)

GHSA | GHSA-ww7c-5x66-rfwr: The management GUI in Symantec Web Gateway 5 | 2022-05-04
CVEList | CVE-2012-0297: The management GUI in Symantec Web Gateway 5 | 2012-05-21
VulnCheck | Symantec Web Gateway 5.0.x before 5.0.3 management GUI Remote Code Execution | 2012

💥 Exploits & PoCs (4)

Exploit-DB | symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities | 2012-06-27
Exploit-DB | Symantec Web Gateway 5.0.2.8 - 'ipchange.php' Command Injection (Metasploit) | 2012-06-12
Exploit-DB | Symantec Web Gateway 5.0.2.8 - Command Execution (Metasploit) | 2012-05-28
Exploit-DB | Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution | 2012-05-26