CVE-2018-18371

CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 51.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Advanced Secure Gateway Broadcom Symantec Proxysg Symantec Corporation Symantec Advanced Secure Gateway (asg)+1 more

Timeline

PublishedAug 30

Latest updateMay 24

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDbroadcom/symantec_proxysg6.5 — 6.5.10.15+2

▶CVEListV5symantec_corporation/symantec_proxysg6.5 prior to 6.5.10.15, 6.6, 6.7 prior to 6.7.4.2+2

▶NVDbroadcom/advanced_secure_gateway6.7 — 6.7.4.2+1

▶CVEListV5symantec_corporation/symantec_advanced_secure_gateway_(asg)6.6 and 6.7 prior to 6.7.4.2

🔴Vulnerability Details

GHSA

GHSA-863p-h29x-84j2: The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser↗2022-05-24

▶

CVEList

CVE-2018-18371: The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser↗2019-08-29

▶