Session Hijacking Vulnerability in ProxySG and ASG

ProxySG Software - SGOS

1752

15 July 2021

09 April 2020

CLOSED

High

7.5

Summary

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.

Affected Product(s)

Advanced Secure Gateway (ASG)

CVE             Supported Version(s)      Remediation
CVE-2019-18375  6.7 (prior to 6.7.4)      Not vulnerable
                6.7.4                     Upgrade to 6.7.4.10.
                6.7 (6.7.5 and later)     Not vulnerable, fixed in 6.7.5.1.
                7.1                       Upgrade to a later release with fixes.
                7.2                       Not vulnerable, fixed in 7.2.0.1.

ProxySG

CVE             Supported Version(s)          Remediation
CVE-2019-18375  6.5, 6.7 (prior to 6.7.4)     Not vulnerable
                6.7.4                         Upgrade to 6.7.4.10.
                6.7 (6.7.5 and later)         Not vulnerable, fixed in 6.7.5.1.
                7.1                           Upgrade to a later release with fixes.
                7.2                           Not vulnerable, fixed in 7.2.0.1.

Additional Product Information

ASG 7.1 and ProxySG 7.1 are Early Availability (EA) releases and will not be released as General Availability (GA). Fixes will not be provided for ASG 7.1 and ProxySG 7.1. Please upgrade to ASG 7.2 and ProxySG 7.2 for the vulnerability fixes.

Issue Details

CVE-2019-18375
Severity / CVSS v3.0: High / 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
References: NVD: CVE-2019-18375
Impact: Session hijacking
Description: A session hijacking vulnerability in the ASG and ProxySG management consoles allows a remote attacker, with access to the management interface, to hijack the session of a currently logged-in user and access the management console with the privileges of the hijacked session.

Mitigation & Additional Information

CVE-2019-18375 can only be exploited through the ASG and ProxySG management interfaces. Symantec recommends that customers deploy ASG and ProxySG in a secure network and restrict access to the management interfaces. Failing to deploy the products in a secure network, or failing to restrict access to the management interfaces, increases the risk that the vulnerability is exploited.

Acknowledgements

  • CVE-2019-18375: Balazs Hambalko, IT Security Consultant

Revisions

2020-04-09 initial public release