SA146: Improper User Authorization in ProxySG and ASG
1417
Last Updated: 04 May 2021
Published: 26 October 2017
Status: CLOSED
Severity: HIGH
CVSS v2: 8.0
SUMMARY
The ProxySG and ASG management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
AFFECTED PRODUCTS
Advanced Secure Gateway (ASG)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-9097 | 6.7 | Not vulnerable, fixed in 6.7.2.1 |
| CVE-2016-9097 | 6.6 | Upgrade to 6.6.5.8. |

ProxySG

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-9097 | 6.7 | Upgrade to 6.7.1.2. |
| CVE-2016-9097 | 6.6 | Upgrade to 6.6.5.8. |
| CVE-2016-9097 | 6.5 | Upgrade to 6.5.10.7. |
ADDITIONAL PRODUCT INFORMATION
The ProxySG and ASG management consoles provide a web-based interface for authenticated administrators to configure, manage, and monitor the respective appliance. Both products define separate read-only and read-write authorization levels for authenticated administrators. Read-only administrators can view appliance settings and policy configuration but cannot modify them; they can also perform limited troubleshooting tasks. Read-write administrators have full access to the appliance settings and policy configuration, and can perform all management tasks available through the management console.
ISSUES
| CVE-2016-9097 | |
|---|---|
| Severity / CVSSv2 | High / 8.0 (AV:N/AC:L/Au:S/C:P/I:P/A:C) |
| References | SecurityFocus: BID 101530 / NVD: CVE-2016-9097 |
| Impact | Improper user authorization |
| Description | The ProxySG and ASG management consoles do not, under certain circumstances, correctly check the authorization of read-only administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. |
ACKNOWLEDGEMENTS
Thanks to Jakub Pałaczyński and Pawel Bartunek for reporting this vulnerability.
REVISION
2017-11-25 SA status moved to Final
2017-11-09 Symantec recommends that ProxySG 6.5 customers upgrade to 6.5.10.7 or a later release to obtain the vulnerability fixes.
2017-10-26 initial public release