XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
ID | Updated | Published | Status | Severity | CVSS Score
---|---|---|---|---|---
1472 | 04 May 2021 | 27 August 2019 | CLOSED | MEDIUM | 6.5
SUMMARY
The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server.
AFFECTED PRODUCTS
Advanced Secure Gateway (ASG)

CVE | Supported Version(s) | Remediation
---|---|---
CVE-2018-18370, CVE-2018-18371 | 7.1 | Not vulnerable, fixed.
CVE-2018-18370, CVE-2018-18371 | 6.7 | Upgrade to 6.7.4.2.
CVE-2018-18370, CVE-2018-18371 | 6.6 | Upgrade to later release with fixes.

ProxySG

CVE | Supported Version(s) | Remediation
---|---|---
CVE-2018-18370, CVE-2018-18371 | 7.1 | Not vulnerable, fixed.
CVE-2018-18370, CVE-2018-18371 | 6.7 | Upgrade to 6.7.4.2.
CVE-2018-18370, CVE-2018-18371 | 6.6 | Upgrade to later release with fixes.
CVE-2018-18370, CVE-2018-18371 | 6.5 | Upgrade to 6.5.10.15.
ISSUES
CVE-2018-18370 | |
---|---
Severity / CVSSv3 | Medium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
References | SecurityFocus: BID 109823 / NVD: CVE-2018-18370
Impact | Cross-site scripting (XSS)
Description | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via an ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code into ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server.

CVE-2018-18371 | |
---|---
Severity / CVSSv3 | Medium / 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
References | SecurityFocus: BID 109823 / NVD: CVE-2018-18371
Impact | Information disclosure
Description | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via an ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server.
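Both issues share one root cause: data from the remote FTP server (file names in the directory listing) and from the requested URL (which may carry user:password userinfo) is echoed into an HTML page. The following is an added illustration, not Symantec's WebFTP code: a minimal listing renderer with the two defects beside a hardened version that HTML-escapes every server-supplied value and redacts credentials from the URL before it is echoed. File names, sizes and the URL are constructed samples.

```python
import html
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed sample input: entries as a proxy would parse them from the
# remote server's LIST reply, and the ftp:// URL the browser requested.
SAMPLE_ENTRIES = [
    ("readme.txt", 1204),
    ("<script>alert(1)</script>.txt", 0),   # server-controlled name
    ('report "Q3".pdf', 88213),
]
SAMPLE_URL = "ftp://alice:s3cret@ftp.example.test/pub/"


def redact_credentials(url: str) -> str:
    """Drop the userinfo part of a URL so credentials are never echoed."""
    parts = urlsplit(url)
    # rsplit on '@' keeps port numbers and bracketed IPv6 hosts intact.
    netloc = parts.netloc.rsplit("@", 1)[-1]
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def render_listing_unsafe(url: str, entries) -> str:
    """Defective renderer: raw names in HTML, full URL (with userinfo) echoed."""
    rows = "".join(
        f'<tr><td><a href="{url}{name}">{name}</a></td><td>{size}</td></tr>'
        for name, size in entries
    )
    return f"<h1>Index of {url}</h1><table>{rows}</table>"


def render_listing_safe(url: str, entries) -> str:
    """Hardened renderer: credentials redacted, every untrusted value escaped."""
    base = redact_credentials(url)
    rows = []
    for name, size in entries:
        # Percent-encode the name for the link target, then HTML-escape the
        # attribute value; escape the name separately for the visible text.
        href = html.escape(base + quote(name), quote=True)
        text = html.escape(name)
        rows.append(f'<tr><td><a href="{href}">{text}</a></td><td>{int(size)}</td></tr>')
    return f"<h1>Index of {html.escape(base)}</h1><table>{''.join(rows)}</table>"
```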
ACKNOWLEDGEMENTS
- CVE-2018-18370 & CVE-2018-18371: Muzamal Abadullah, Two Sigma Investments
REVISION
2019-08-27 initial public release