cvelistv5 - CVE-2017-6326

CVE-2017-6326 (GCVE-0-2017-6326)

Vulnerability from cvelistv5 – Published: 2017-06-26 21:00 – Updated: 2024-08-05 15:25

Summary

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

symantec

References

URL

Tags

	http://www.securitytracker.com/id/1038785	vdb-entryx_refsource_SECTRACK
	https://www.exploit-db.com/exploits/42251/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/98893	vdb-entryx_refsource_BID
	https://www.symantec.com/security_response/securi…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Symantec Corporation	Messaging Gateway	Affected: All versions prior to version 10.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:49.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038785",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038785"
          },
          {
            "name": "42251",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42251/"
          },
          {
            "name": "98893",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98893"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Messaging Gateway",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 10.6.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-11T15:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "1038785",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038785"
        },
        {
          "name": "42251",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42251/"
        },
        {
          "name": "98893",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98893"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2017-6326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Messaging Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 10.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038785",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038785"
            },
            {
              "name": "42251",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42251/"
            },
            {
              "name": "98893",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98893"
            },
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2017-6326",
    "datePublished": "2017-06-26T21:00:00",
    "dateReserved": "2017-02-26T00:00:00",
    "dateUpdated": "2024-08-05T15:25:49.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.6.3\", \"matchCriteriaId\": \"E22096C2-1F48-4646-A257-347857B688B5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.\"}, {\"lang\": \"es\", \"value\": \"El producto Symantec Messaging Gateway, puede detectar un problema de ejecuci\\u00f3n de c\\u00f3digo remota, que describe una situaci\\u00f3n en la que un individuo puede obtener la capacidad de ejecutar comandos remotamente en un equipo destino o en un proceso destino.\"}]",
      "id": "CVE-2017-6326",
      "lastModified": "2024-11-21T03:29:34.073",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-26T21:29:00.267",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/98893\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038785\", \"source\": \"secure@symantec.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/42251/\", \"source\": \"secure@symantec.com\"}, {\"url\": \"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00\", \"source\": \"secure@symantec.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/42251/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6326\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2017-06-26T21:29:00.267\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.\"},{\"lang\":\"es\",\"value\":\"El producto Symantec Messaging Gateway, puede detectar un problema de ejecuci\u00f3n de c\u00f3digo remota, que describe una situaci\u00f3n en la que un individuo puede obtener la capacidad de ejecutar comandos remotamente en un equipo destino o en un proceso destino.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6.3\",\"matchCriteriaId\":\"E22096C2-1F48-4646-A257-347857B688B5\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98893\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038785\",\"source\":\"secure@symantec.com\"},{\"url\":\"https://www.exploit-db.com/exploits/42251/\",\"source\":\"secure@symantec.com\"},{\"url\":\"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00\",\"source\":\"secure@symantec.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/42251/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-6326

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6326

Aliases

CVE-2017-6326

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6326",
    "description": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",
    "id": "GSD-2017-6326",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-6326"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6326"
      ],
      "details": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",
      "id": "GSD-2017-6326",
      "modified": "2023-12-13T01:21:09.914039Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@symantec.com",
        "ID": "CVE-2017-6326",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Messaging Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions prior to version 10.6.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Symantec Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038785",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038785"
          },
          {
            "name": "42251",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/42251/"
          },
          {
            "name": "98893",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98893"
          },
          {
            "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00",
            "refsource": "CONFIRM",
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.6.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2017-6326"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
            },
            {
              "name": "98893",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98893"
            },
            {
              "name": "1038785",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038785"
            },
            {
              "name": "42251",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/42251/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-26T21:29Z"
    }
  }
}

VAR-201706-0552

Vulnerability from variot - Updated: 2023-12-18 12:03

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected system. Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0552",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.6.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mehmet Dursun Ince",
    "sources": [
      {
        "db": "BID",
        "id": "98893"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6326",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6326",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114529",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6326",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6326",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-870",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114529",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6326",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway  is prone to a  remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code on the  affected system. \nVersions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114529",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42251",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6326",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "98893",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1038785",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42251",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "143129",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114529",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "id": "VAR-201706-0552",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:53.844000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM17-004",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100376"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=87a01cb99de9de36ac7e7d7b134aa96d"
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/98893"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/42251/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1038785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6326"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6326"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170621_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=54308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/linux/http/symantec_messaging_gateway_exec"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98893"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "date": "2017-06-26T21:29:00.267000",
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98893"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ],
    "trust": 0.6
  }
}

GHSA-5PF7-R489-5RGM

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:39

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6326"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-26T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",
  "id": "GHSA-5pf7-r489-5rgm",
  "modified": "2025-04-20T03:39:31Z",
  "published": "2022-05-13T01:46:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6326"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42251"
    },
    {
      "type": "WEB",
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98893"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038785"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-6326

Vulnerability from fkie_nvd - Published: 2017-06-26 21:29 - Updated: 2025-04-20 01:37

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
secure@symantec.com	http://www.securityfocus.com/bid/98893	Third Party Advisory, VDB Entry
secure@symantec.com	http://www.securitytracker.com/id/1038785
secure@symantec.com	https://www.exploit-db.com/exploits/42251/
secure@symantec.com	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98893	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038785
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42251/
af854a3a-2127-422b-91ae-364da2661108	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	symantec	messaging_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E22096C2-1F48-4646-A257-347857B688B5",
              "versionEndIncluding": "10.6.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process."
    },
    {
      "lang": "es",
      "value": "El producto Symantec Messaging Gateway, puede detectar un problema de ejecuci\u00f3n de c\u00f3digo remota, que describe una situaci\u00f3n en la que un individuo puede obtener la capacidad de ejecutar comandos remotamente en un equipo destino o en un proceso destino."
    }
  ],
  "id": "CVE-2017-6326",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-26T21:29:00.267",
  "references": [
    {
      "source": "secure@symantec.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98893"
    },
    {
      "source": "secure@symantec.com",
      "url": "http://www.securitytracker.com/id/1038785"
    },
    {
      "source": "secure@symantec.com",
      "url": "https://www.exploit-db.com/exploits/42251/"
    },
    {
      "source": "secure@symantec.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/42251/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
    }
  ],
  "sourceIdentifier": "secure@symantec.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-16026

Vulnerability from cnvd - Published: 2017-07-24

Title

Symantec Messaging Gateway远程代码执行漏洞

Description

Symantec Messaging Gateway是美国赛门铁克（Symantec）公司的一套集反垃圾邮件、防病毒、高级内容过滤和数据泄露防护技术于一体的垃圾邮件过滤器。 Symantec Messaging Gateway存在远程代码执行漏洞，攻击者可以利用该漏洞在目标机器上或目标进程中远程执行命令。

Severity

高

Patch Name

Symantec Messaging Gateway远程代码执行漏洞的补丁

Patch Description

Symantec Messaging Gateway是美国赛门铁克（Symantec）公司的一套集反垃圾邮件、防病毒、高级内容过滤和数据泄露防护技术于一体的垃圾邮件过滤器。 Symantec Messaging Gateway存在远程代码执行漏洞，攻击者可以利用该漏洞在目标机器上或目标进程中远程执行命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00

Reference

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00 https://nvd.nist.gov/vuln/detail/CVE-2017-6326

Impacted products

Name
Symantec Messaging Gateway <=10.6.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98893"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6326"
    }
  },
  "description": "Symantec Messaging Gateway\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u9632\u75c5\u6bd2\u3001\u9ad8\u7ea7\u5185\u5bb9\u8fc7\u6ee4\u548c\u6570\u636e\u6cc4\u9732\u9632\u62a4\u6280\u672f\u4e8e\u4e00\u4f53\u7684\u5783\u573e\u90ae\u4ef6\u8fc7\u6ee4\u5668\u3002\r\n\r\nSymantec Messaging Gateway\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u673a\u5668\u4e0a\u6216\u76ee\u6807\u8fdb\u7a0b\u4e2d\u8fdc\u7a0b\u6267\u884c\u547d\u4ee4\u3002",
  "discovererName": "Mehmet Dursun Ince",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-16026",
  "openTime": "2017-07-24",
  "patchDescription": "Symantec Messaging Gateway\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u9632\u75c5\u6bd2\u3001\u9ad8\u7ea7\u5185\u5bb9\u8fc7\u6ee4\u548c\u6570\u636e\u6cc4\u9732\u9632\u62a4\u6280\u672f\u4e8e\u4e00\u4f53\u7684\u5783\u573e\u90ae\u4ef6\u8fc7\u6ee4\u5668\u3002\r\n\r\nSymantec Messaging Gateway\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u673a\u5668\u4e0a\u6216\u76ee\u6807\u8fdb\u7a0b\u4e2d\u8fdc\u7a0b\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Messaging Gateway\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Symantec Messaging Gateway \u003c=10.6.3"
  },
  "referenceLink": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6326",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-27",
  "title": "Symantec Messaging Gateway\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6326 (GCVE-0-2017-6326)

GSD-2017-6326

VAR-201706-0552

GHSA-5PF7-R489-5RGM

FKIE_CVE-2017-6326

CNVD-2017-16026

Tags

Sightings

Nomenclature