CVE-2012-3579
published 2012-08-29


Priority: P2 64 · high · 7.9 (CVSS 2.0)
CVSS vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 40.21% (98.5th percentile)
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

Affected

5 ranges

Vendor    Product            Version range  Fixed in
symantec  messaging_gateway  <= 9.5.4
symantec  messaging_gateway
symantec  messaging_gateway
symantec  messaging_gateway
symantec  messaging_gateway

Detection & IOCs

command: user = 'support' / pass = 'symantec'
  • Detect SSH login attempts using the username 'support' with password 'symantec' against port 22 on Symantec Messaging Gateway devices.
  • Alert on successful SSH authentication for the 'support' account on SMG appliances, especially followed by execution of /bin/sh as an interactive shell.
  • SSH auth_methods used in exploitation are 'password' and 'keyboard-interactive'; monitor for these auth method sequences from external IPs against SMG SSH.
  • The vulnerability affects Symantec Messaging Gateway versions before 10.0 (specifically confirmed on 9.5 and 9.5.1). Upgrade to SMG 10.0 or later to remediate the default credential.
  • The 'support' backdoor account with password 'symantec' provides privileged SSH access; this is a hardcoded default credential, not a user-configurable setting.
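
The detection points above as log-triage code, added here as an example and not taken from the original page or from Symantec. It assumes the appliance's sshd writes stock OpenSSH syslog lines and that INTERNAL_NETS (a hypothetical list) describes your management networks; the sample log is constructed.

```python
import ipaddress
import re

# Assumption: sshd on the appliance logs in stock OpenSSH syslog format.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>password|keyboard-interactive)"
    r"(?:/pam)? for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
WATCHED_USER = "support"  # account named on this page
# Assumption: sources inside these networks count as internal; adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Aug 30 10:01:12 smg01 sshd[4121]: Failed password for support from 203.0.113.45 port 51022 ssh2
Aug 30 10:01:15 smg01 sshd[4121]: Accepted keyboard-interactive/pam for support from 203.0.113.45 port 51022 ssh2
Aug 30 10:07:41 smg01 sshd[4188]: Accepted password for admin from 10.1.2.3 port 40110 ssh2
Aug 30 10:09:03 smg01 sshd[4190]: Accepted password for support from 10.1.2.9 port 40222 ssh2
Aug 30 10:11:50 smg01 sshd[4201]: Failed password for invalid user test from 198.51.100.7 port 33001 ssh2
"""


def is_external(src):
    """True when src is outside INTERNAL_NETS; unparsable sources count as external."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def triage(log_text):
    """Return one alert per password or keyboard-interactive event on WATCHED_USER."""
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m or m["user"] != WATCHED_USER:
            continue
        success = m["result"] == "Accepted"
        external = is_external(m["src"])
        severity = "critical" if success and external else "high" if success else "medium"
        alerts.append({"severity": severity, "method": m["method"], "src": m["src"],
                       "success": success, "external": external})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

On an appliance that should already be on SMG 10.0 or later, any successful login for this account is worth investigating regardless of source.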