Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-2203

CWE-255 | 4 documents | 4 sources
Severity: 7.8 HIGH
EPSS: 29.6% (top 3.39%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Apr 22
Latest update: May 14

Description

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-w4px-29jm-36xf: The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10… (2022-05-14)

CVEList
CVE-2016-2203: The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10… (2016-04-22)

💥 Exploits & PoCs (1)

Exploit-DB
Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit) (2016-04-21)