CVE-2020-12594 — Improper Privilege Management in Symantec Messaging Gateway

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 32.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Messaging Gateway

Timeline

PublishedDec 10

Latest updateMay 24

Description

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDbroadcom/symantec_messaging_gateway< 10.7.4

🔴Vulnerability Details

GHSA

GHSA-6w26-5ccg-87xc: A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control ov↗2022-05-24

▶

CVEList

CVE-2020-12594: A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control ov↗2020-12-10

▶