Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2957

CWE-2644 documents4 sources
Severity
7.2HIGH
EPSS
6.9%
top 8.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec WEB Gateway
Timeline
PublishedJul 23
Latest updateMay 17

Description

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/web_gateway4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-fc3m-8f73-v5rj: The management console in Symantec Web Gateway 52022-05-17
CVEList
CVE-2012-2957: The management console in Symantec Web Gateway 52012-07-23

💥Exploits & PoCs

1
Exploit-DB
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution2012-07-24
CVE-2012-2957 (HIGH CVSS 7.2) | The management console in Symantec | cvebase.io