CVE-2016-2203
Published 2016-04-22
Priority P3 · 48 · high · 7.8 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.06% (93.4th percentile)
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec | messaging_gateway | — | — |
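CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |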
No detection rules found.
Exploit-DB
Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)
exploitdb · 2016-04-21 · CVSS 7.8
---
# Exploit Title: Symantec Brightmail ldap credential Grabber
# Date: 18/04/2016
# Exploit Author: Fakhir Karim Reda
# Vendor Homepage: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year&suid=20160418_00
# Version: 10.6.0-7 and earlier
# Tested on: Linux, Unix, Windows
# CVE : CVE-2016-2203
# Symantec Brightmail 10.6.0-7 and earlier save the AD password somewhere in the product. By having a read account on the gateway we can recover the AD account/password;
# indeed, the HTML code contains the encrypted AD password.
# The encryption and decryption part is implemented in Java in the appliance; by reversing the code we get to know the encryption algorithm.
Metasploit
Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
metasploit
This module will grab the AD account saved in Symantec Messaging Gateway and then decipher it using the disclosed Symantec PBE key. Note that authentication is required in order to successfully grab the LDAP credentials, and you need at least a read account. Versions 10.6.0-7 and earlier are affected.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html
http://www.securityfocus.com/bid/86137
http://www.securitytracker.com/id/1035609
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00
https://www.exploit-db.com/exploits/39715/