CVE-2012-3579
published 2012-08-29CVE-2012-3579: Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged…
PriorityP264high7.9CVSS 2.0
AVAACMAuNCCICAC
EXPLOIT
EPSS
40.21%
98.5th percentile
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec | messaging_gateway | <= 9.5.4 | — |
| symantec | messaging_gateway | — | — |
| symantec | messaging_gateway | — | — |
| symantec | messaging_gateway | — | — |
| symantec | messaging_gateway | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect SSH login attempts using the username 'support' with password 'symantec' against port 22 on Symantec Messaging Gateway devices. ↗
- →Alert on successful SSH authentication for the 'support' account on SMG appliances, especially followed by execution of /bin/sh as an interactive shell. ↗
- →SSH auth_methods used in exploitation are 'password' and 'keyboard-interactive'; monitor for these auth method sequences from external IPs against SMG SSH. ↗
- ·The vulnerability affects Symantec Messaging Gateway versions before 10.0 (specifically confirmed on 9.5 and 9.5.1). Upgrade to SMG 10.0 or later to remediate the default credential. ↗
- ·The 'support' backdoor account with password 'symantec' provides privileged SSH access; this is a hardcoded default credential, not a user-configurable setting. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)
exploitdb·2012-08-30
CVE-2012-3579 Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)
Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'net/ssh'
class Metasploit3 "Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability",
'Description' => %q{
This module exploits a default misconfiguration flaw on Symantec Messaging Gateway.
The 'support' user has a known default password, which can be used to login to the
SSH service, and gain privileged access from remote.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Stefan Viehbock', #Original discovery
Metasploit
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
metasploit
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
This module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.htmlhttp://www.securityfocus.com/bid/55143http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00https://exchange.xforce.ibmcloud.com/vulnerabilities/78034http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.htmlhttp://www.securityfocus.com/bid/55143http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00https://exchange.xforce.ibmcloud.com/vulnerabilities/78034
2012-08-29
Published