CVE-2016-9097

CWE-2643 documents3 sources

Severity

7.2HIGH

EPSS

1.2%

top 20.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Corporation Symantec Advanced Secure Gateway (asg) AND Proxysg Broadcom Advanced Secure Gateway Broadcom Symantec Proxysg

Timeline

PublishedMay 11

Latest updateMay 13

Description

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5symantec_corporation/symantec_advanced_secure_gateway_(asg)_and_proxysgASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2

▶NVDbroadcom/symantec_proxysg24 versions+23

▶NVDbroadcom/advanced_secure_gateway5 versions+4

🔴Vulnerability Details

GHSA

GHSA-qjw8-fqfp-g4fh: The Symantec Advanced Secure Gateway (ASG) 6↗2022-05-13

▶

CVEList

CVE-2016-9097: The Symantec Advanced Secure Gateway (ASG) 6↗2017-05-11

▶