SA155: Multiple ASG and ProxySG Vulnerabilities
1427
04 May 2021
09 January 2018
CLOSED
MEDIUM
CVSS v2: 5.1
SUMMARY
The Symantec ASG and ProxySG management consoles are susceptible to multiple vulnerabilities. A remote attacker can, under certain circumstances, obtain sensitive authentication credential information, redirect target users to malicious sites, and inject arbitrary JavaScript code into the management console web client application.
AFFECTED PRODUCTS
| Advanced Secure Gateway (ASG) | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-9099 CVE-2016-10257 |
6.7 | Upgrade to 6.7.2.1. |
| 6.6 | Upgrade to 6.6.5.14. | |
| CVE-2016-9100 | 6.7 | Upgrade to 6.7.3.1. |
| 6.6 | Upgrade to 6.6.5.13. | |
| CacheFlow | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-9099 CVE-2016-10257 |
3.4 | Upgrade to 3.4.2.9. |
| ProxySG | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2016-9099 CVE-2016-10256 CVE-2016-10257 |
6.7 | Upgrade to 6.7.2.1. |
| 6.6 | Upgrade to 6.6.5.14. | |
| 6.5 | Upgrade to 6.5.10.6. | |
| CVE-2016-9100 | 6.7 | Upgrade to 6.7.3.1. |
| 6.6 | Upgrade to 6.6.5.13. | |
| 6.5 | Upgrade to 6.5.10.6. | |
ISSUES
| CVE-2016-9099 | |
|---|---|
| Severity / CVSSv2 | Low / 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) |
| References | SecurityFocus: BID 102455 / NVD: CVE-2016-9099 |
| Impact | Open redirection |
| Description | A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Exploiting this vulnerability does not allow the attacker to bypass the security controls enforced by the ASG/ProxySG policy. If ASG/ProxySG are configured to intercept traffic from the target user, they will enforce the configured security controls on the redirected request to the malicious web site. |
| CVE-2016-9100 | |
|---|---|
| Severity / CVSSv2 | Medium / 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) |
| References | SecurityFocus: BID 102454 / NVD: CVE-2016-9100 |
| Impact | Information disclosure |
| Description | An attacker with access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. |
| CVE-2016-10256 | |
|---|---|
| Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:M/Au:N/C:P/I:P/A:N) |
| References | SecurityFocus: BID 102451 / NVD: CVE-2016-10256 |
| Impact | Cross-site scripting (XSS) |
| Description | A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. |
| CVE-2016-10257 | |
|---|---|
| Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:M/Au:N/C:P/I:P/A:N) |
| References | SecurityFocus: BID 102447 / NVD: CVE-2016-10257 |
| Impact | Cross-site scripting (XSS) |
| Description | A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code in the management console web client application. This is a separate vulnerability from CVE-2016-10256. |
ACKNOWLEDGEMENTS
Thanks to Jakub Pałaczyński and Pawel Bartunek for reporting these vulnerabilities.
REVISION
2018-07-27 CacheFlow 3.4 is vulnerable to CVE-2016-9099 and CVE-2016-10257. A fix is available in CacheFlow 3.4.2.9. Advisory Status moved to Closed.
2018-04-22 A fix for CVE-2016-9099 and CVE-2016-10257 in ASG 6.6 is available in 6.6.5.14. A fix for CVE-2016-9099, CVE-2016-10256, and CVE-2016-10257 in ProxySG 6.6 is available in 6.6.5.14.
2018-01-16 Added references to NVD articles.
2018-01-09 initial public release