Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7285

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-7285
Last Modified 11 Mar 2015 10:00:20
Published 17 Dec 2014 11:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-7285

Summary

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Vulnerable Systems

Application

  • Symantec Web Gateway 5.2.1


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00

BID - 71620

EXPLOIT-DB - 36263

MISC - http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html

OSVDB - 116009

MISC - http://karmainsecurity.com/KIS-2014-19


Last Updated: 27 May 2016 11:08:01