CVE-2016-10258
published 2018-04-11

Priority: P3 / 44 / medium
CVSS 3.0: 6.8
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.94% (91.1th percentile)
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | advanced_secure_gateway | >= 6.6 < 6.6.5.14 | 6.6.5.14 |
| broadcom | advanced_secure_gateway | >= 6.7 < 6.7.3.1 | 6.7.3.1 |
| broadcom | symantec_proxysg | >= 6.5 < 6.5.10.8 | 6.5.10.8 |
| broadcom | symantec_proxysg | >= 6.6 < 6.6.5.14 | 6.6.5.14 |
| broadcom | symantec_proxysg | >= 6.7 < 6.7.3.1 | 6.7.3.1 |
| symantec_corporation | advanced_secure_gateway | | |
| symantec_corporation | advanced_secure_gateway | | |
| symantec_corporation | proxysg | | |
| symantec_corporation | proxysg | | |
| symantec_corporation | proxysg | | |

CVSS provenance

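| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |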