Support Content Notification - Support Portal

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG

Product/Component

ProxySG Software - SGOS

0 more products

Notification Id

1472

Last Updated

04 May 2021

Initial Publication Date

27 August 2019

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

6.5

WorkAround

Affected CVE

SUMMARY

The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server.

AFFECTED PRODUCTS

Advanced Secure Gateway (ASG)
CVE	Supported Version(s)	Remediation
CVE-2018-18370, CVE-2018-18371	7.1	Not vulnerable, fixed.
	6.7	Upgrade to 6.7.4.2.
	6.6	Upgrade to later release with fixes.

ProxySG
CVE	Supported Version(s)	Remediation
CVE-2018-18370, CVE-2018-18371	7.1	Not vulnerable, fixed.
	6.7	Upgrade to 6.7.4.2.
	6.6	Upgrade to later release with fixes.
	6.5	Upgrade to 6.5.10.15.

ISSUES

CVE-2018-18370
Severity / CVSSv3	Medium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
References	SecurityFocus: BID 109823 / NVD: CVE-2018-18370
Impact	Cross-site scripting (XSS)
Description	The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server.

CVE-2018-18371
Severity / CVSSv3	Medium / 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
References	SecurityFocus: BID 109823 / NVD: CVE-2018-18371
Impact	Information disclosure
Description	The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server.

ACKNOWLEDGEMENTS

CVE-2018-18370 & CVE-2018-18371: Muzamal Abadullah, Two Sigma Investments

REVISION

2019-08-27 initial public release