Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2977

CWE-2645 documents4 sources
Severity
5.0MEDIUM
EPSS
16.1%
top 5.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec WEB Gateway
Timeline
PublishedJul 23
Latest updateMay 17

Description

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsymantec/web_gateway4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-g79j-5p9g-cvwr: The management console in Symantec Web Gateway 52022-05-17
CVEList
CVE-2012-2977: The management console in Symantec Web Gateway 52012-07-23

💥Exploits & PoCs

2
Exploit-DB
Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change2012-08-21
Exploit-DB
Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change (Metasploit)2012-08-21
CVE-2012-2977 (MEDIUM CVSS 5) | The management console in Symantec | cvebase.io