CVE-2021-30648

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 34.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Advanced Secure Gateway 500-10 Firmware Broadcom Symantec Advanced Secure Gateway S200-30 Firmware Broadcom Symantec Advanced Secure Gateway S200-40 Firmware +5 more

Timeline

PublishedJun 30

Latest updateMay 24

Description

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶NVDbroadcom/symantec_advanced_secure_gateway_500-10_firmware6.6 — 6.7.4.17+3

▶NVDbroadcom/symantec_advanced_secure_gateway_s200-30_firmware6.6 — 6.7.4.17+3

▶NVDbroadcom/symantec_advanced_secure_gateway_s200-40_firmware6.6 — 6.7.4.17+3

▶NVDbroadcom/symantec_advanced_secure_gateway_s400-20_firmware6.6 — 6.7.4.17+3

▶NVDbroadcom/symantec_advanced_secure_gateway_s400-30_firmware6.6 — 6.7.4.17+3

🔴Vulnerability Details

GHSA

GHSA-23p9-49c6-fm5w: The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability↗2022-05-24

▶

CVEList

CVE-2021-30648: The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability↗2021-06-30

▶

External resources

NVD MITRE

Affected products8

Broadcom Symantec Advanced Secure Gateway 500-10 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S200-30 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S200-40 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S400-20 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S400-30 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S400-40 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Advanced Secure Gateway S500-20 Firmware≥ 6.6, < 6.7.4.17≥ 6.7.5.0, < 6.7.5.12≥ 7.2, < 7.2.7.2+1 more

Broadcom Symantec Proxysg≥ 6.5, < 6.5.10.16≥ 6.6, < 6.6.5.19≥ 6.7, < 6.7.5.12+2 more

Disclosure

PublishedJun 30, 2021

Latest updateMay 24, 2022