Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6328

CWE-352 — Cross-Site Request Forgery (CSRF)6 documents5 sources

Severity

8.8HIGH

EPSS

0.9%

top 24.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Message Gateway Symantec Corporation Messaging Gateway

Timeline

PublishedAug 11

Latest updateMay 17

Description

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5symantec_corporation/messaging_gatewayAll versions prior to version 10.6.3-267

▶NVDsymantec/message_gateway10.6.3-2

🔴Vulnerability Details

GHSA

GHSA-v26p-6c8q-68r2: The Symantec Messaging Gateway before 10↗2022-05-17

▶

OSV

libexif vulnerabilities↗2020-02-11

▶

CVEList

CVE-2017-6328: The Symantec Messaging Gateway before 10↗2017-08-11

▶

💥Exploits & PoCs

Exploit-DB

Unitrends UEB 10.0 - Root Remote Code Execution↗2018-03-16

▶

Exploit-DB

Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery↗2017-08-09

▶