HTTP Desync Vulnerability in ASG and ProxySG
Summary
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients.
Affected Product(s)
Advanced Secure Gateway (ASG)
CVE            | Affected Version(s) | Remediation
CVE-2021-46825 | 6.7, 7.3            | Upgrade to 6.7.5.16 (6.7 train) or 7.3.7.1 (7.3 train).
ProxySG
CVE            | Affected Version(s) | Remediation
CVE-2021-46825 | 6.7, 7.3            | Upgrade to 6.7.5.16 (6.7 train) or 7.3.7.1 (7.3 train).
Issue Details
CVE-2021-46825
Severity/CVSSv3: High / 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
References: NVD: CVE-2021-46825
Impact: Information Disclosure
Description: When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Responses intended for other web clients can be forwarded to the attacker, and responses intended for the attacker can be forwarded to other web clients.
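The advisory describes the response-mixing form of HTTP request smuggling: a proxy that multiplexes several clients over one upstream connection hands responses back in the order it forwarded requests, so if the origin server sees more requests in the byte stream than the proxy counted, every later response is delivered to the wrong client. The simulation below, added here as an illustration of that vulnerability class and not a description of ASG/ProxySG internals, assumes the classic CL.TE framing discrepancy (front end delimits bodies by Content-Length, origin honours Transfer-Encoding: chunked); the host name, paths, client labels and response bodies are constructed. It runs the same three requests through a permissive proxy and through one that refuses ambiguously framed requests.

```python
"""HTTP desync (request smuggling) leading to response misrouting.

Constructed simulation of the vulnerability class in the advisory, not of
ASG/ProxySG internals: the CL.TE framing discrepancy, host name, paths,
client labels and response bodies are all assumptions made for the demo.
"""
CRLF = b"\r\n"


def parse_head(data: bytes):
    """Return (start line, lower-cased headers, body offset), or None until
    the blank line that ends the header block has arrived."""
    end = data.find(CRLF + CRLF)
    if end < 0:
        return None
    lines = data[:end].decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def frontend_frame(data: bytes, reject_ambiguous: bool = False):
    """Proxy-side framing (assumed): body delimited by Content-Length alone,
    Transfer-Encoding forwarded unexamined. With reject_ambiguous=True a
    request carrying both headers is refused, the usual hardening."""
    parsed = parse_head(data)
    if parsed is None:
        return None
    _, headers, off = parsed
    if reject_ambiguous and "transfer-encoding" in headers and "content-length" in headers:
        raise ValueError("ambiguous framing: both Content-Length and Transfer-Encoding")
    length = int(headers.get("content-length", "0"))
    return data[: off + length] if len(data) >= off + length else None


def backend_frame(data: bytes):
    """Origin-side framing (assumed): Transfer-Encoding: chunked wins over
    Content-Length, as RFC 7230 section 3.3.3 requires."""
    parsed = parse_head(data)
    if parsed is None:
        return None
    _, headers, pos = parsed
    if "chunked" not in headers.get("transfer-encoding", "").lower():
        length = int(headers.get("content-length", "0"))
        return data[: pos + length] if len(data) >= pos + length else None
    while True:  # walk the chunks until the zero-length terminator
        line_end = data.find(CRLF, pos)
        if line_end < 0:
            return None
        size = int(data[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2 + size + 2  # size line, chunk data, trailing CRLF
        if len(data) < pos:
            return None
        if size == 0:
            return data[:pos]


def origin(stream: bytes) -> list:
    """Origin server: answer every request it can frame from one connection."""
    responses = []
    while stream:
        req = backend_frame(stream)
        if req is None:
            break
        method, path, _ = req.split(CRLF, 1)[0].decode("latin-1").split(" ", 2)
        body = f"{method} {path} handled".encode()
        responses.append(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body))
        stream = stream[len(req):]
    return responses


def proxy(clients, reject_ambiguous: bool = False) -> dict:
    """Forward each client's request over one shared upstream connection and
    hand responses back first-in, first-out, one per forwarded request.
    That one-to-one assumption is exactly what a desync breaks."""
    upstream, queue = b"", []
    for label, raw in clients:
        try:
            framed = frontend_frame(raw, reject_ambiguous)
        except ValueError:
            continue  # hardened proxy drops the request; the queue stays aligned
        if framed is None:
            continue  # incomplete request (never happens with the inputs below)
        upstream += framed
        queue.append(label)
    return dict(zip(queue, origin(upstream)))


# Constructed traffic: the attacker's body ends the chunked message ("0\r\n\r\n")
# and then carries a complete extra request the proxy never counts.
SMUGGLED = b"GET /attacker-controlled HTTP/1.1\r\nHost: app.example\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
ATTACKER_REQ = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
                b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(BODY)) + BODY
VICTIM_REQ = b"GET /account HTTP/1.1\r\nHost: app.example\r\n\r\n"
PROBE_REQ = b"GET /probe HTTP/1.1\r\nHost: app.example\r\n\r\n"
CLIENTS = [("attacker", ATTACKER_REQ), ("victim", VICTIM_REQ), ("attacker-2", PROBE_REQ)]


def run_demo(reject_ambiguous: bool = False) -> dict:
    """Map each client label to the response body the proxy handed it."""
    return {label: resp.split(CRLF + CRLF, 1)[1]
            for label, resp in proxy(CLIENTS, reject_ambiguous).items()}


if __name__ == "__main__":
    for label, body in run_demo().items():
        print(f"{label:>10}: {body.decode()}")
```

With the permissive proxy the victim receives the response to the smuggled request and the attacker's follow-up request receives the response meant for the victim's /account request, which is the two-way misrouting the description above spells out; the response to /probe stays queued for whichever client arrives next. With reject_ambiguous=True the attacker's request is refused before it reaches the origin and the remaining responses line up with their clients.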
Mitigation & Additional Information
The following product updates have been made available to customers to remediate this issue:
- ASG 6.7.5.16 and 7.3.7.1.
- ProxySG 6.7.5.16 and 7.3.7.1.
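When checking a fleet against this advisory, the question per appliance is whether its release train is one of the two listed and whether its build predates the fix for that train. The helper below is an added example, not vendor tooling; it assumes dotted numeric version strings in the form the advisory uses (6.7.5.16, 7.3.7.1), ignores any trailing non-numeric text, and reports None for release trains the advisory does not cover rather than guessing about them. The version strings in the test are constructed.

```python
"""Classify an ASG/ProxySG version string against the fixed releases named in
this advisory for CVE-2021-46825. Added example, not vendor tooling."""
import re

# Fixed releases from the advisory, keyed by the affected release train.
FIXED = {
    (6, 7): (6, 7, 5, 16),
    (7, 3): (7, 3, 7, 1),
}


def parse_version(text: str) -> tuple:
    """Turn '6.7.5.12' into (6, 7, 5, 12). Parsing stops at the first
    component that does not start with digits, so trailing build labels
    (assumed format, e.g. '7.3.7.1 Build 1') are ignored."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    if len(parts) < 2:
        raise ValueError(f"cannot read a release train from {text!r}")
    return tuple(parts)


def is_vulnerable(version: str):
    """True if the release train is listed in the advisory and the build
    predates its fix, False if the build is at or past the fix, None if the
    train (e.g. 7.2) is not covered by this advisory at all."""
    parsed = parse_version(version)
    fix = FIXED.get(parsed[:2])
    if fix is None:
        return None
    # Tuple comparison is numeric per component, so 6.7.5.9 < 6.7.5.16 holds
    # even though a string comparison would get it wrong.
    return parsed < fix


if __name__ == "__main__":
    for v in ["6.7.5.12", "6.7.5.16", "7.3.6.9", "7.3.7.1", "7.2.1.1"]:
        print(f"{v:>10}: {is_vulnerable(v)}")
```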
Symantec recommends the following measures to reduce risk of attack:
- Restrict access to administrative or management systems to authorized privileged users.
- Restrict remote access to trusted/authorized systems only.
- Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
- Keep all operating systems and applications current with vendor patches.
- Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.
Acknowledgements
- CVE-2021-46825: Robin Peraglie, Radically Open Security