Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-10258

Severity
6.8 MEDIUM
EPSS
10.5%
top 6.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 11
Latest update: May 13

Description

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | symantec_corporation/advanced_secure_gateway_(asg) | 6.6 prior to 6.6.5.14, 6.7 prior to 6.7.3.1 | +1
NVD | broadcom/advanced_secure_gateway | 6.6 | 6.6.5.14 | +1
NVD | broadcom/symantec_proxysg | 6.5 | 6.5.10.8 | +2
CVEListV5 | symantec_corporation/proxysg | 6.5 prior to 6.5.10.8, 6.6 prior to 6.6.5.14, 6.7 prior to 6.7.3.1 | +2

🔴 Vulnerability Details

2
GHSA
GHSA-8586-qhh3-x99v: Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles | 2022-05-13
CVEList
CVE-2016-10258: Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles | 2018-04-11

💥 Exploits & PoCs

1
Exploit-DB
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload | 2019-09-16