CVE-2016-9099

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 45.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Advanced Secure Gateway Broadcom Symantec Proxysg Symantec Corporation ASG +1 more

Timeline

PublishedMay 11

Latest updateMay 13

Description

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDbroadcom/symantec_proxysg6.5 — 6.5.10.6+2

▶CVEListV5symantec_corporation/proxysg6.5 prior to 6.5.10.6, 6.6, 6.7 prior to 6.7.2.1+2

▶NVDbroadcom/advanced_secure_gateway6.7 — 6.7.2.1+1

▶CVEListV5symantec_corporation/asg6.6, 6.7 prior to 6.7.2.1+1

🔴Vulnerability Details

GHSA

GHSA-r27c-c98m-6x4q: Symantec Advanced Secure Gateway (ASG) 6↗2022-05-13

▶

CVEList

CVE-2016-9099: Symantec Advanced Secure Gateway (ASG) 6↗2017-05-11

▶