Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4347Path Traversal in Messaging Gateway

CWE-22Path Traversal5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
69.7%
top 1.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Messaging Gateway
Timeline
PublishedDec 5
Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsymantec/messaging_gateway5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-pxcw-hx23-fx3r: Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 92022-05-17
CVEList
CVE-2012-4347: Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 92012-12-05

💥Exploits & PoCs

1
Exploit-DB
Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download2012-12-03

📋Vendor Advisories

1
Red Hat
kernel: kvm: device assignment DoS2011-11-20
CVE-2012-4347 — Path Traversal in Symantec | cvebase