VAR-201705-3128
Vulnerability from variot - Updated: 2023-12-18 12:29Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proxysg",
"scope": "eq",
"trust": 1.2,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 1.2,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "advanced secure gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.5\u003c=6.5.10.6"
},
{
"model": "proxysg",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c=6.7.2.1"
},
{
"model": "advanced secure gateway",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c=6.7.2.1"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.10.6",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9099"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakub Palaczynski and Pawel Bartunek.",
"sources": [
{
"db": "BID",
"id": "102455"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9099",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-01377",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97919",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9099",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-01377",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97919",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "VULHUB",
"id": "VHN-97919"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "102455",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2016-9099",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040138",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01377",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97919",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"id": "VAR-201705-3128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
}
],
"trust": 1.3058396033333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
}
]
},
"last_update_date": "2023-12-18T12:29:14.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SymantecProxySG and AdvancedSecureGateway Open Redirection Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113935"
},
{
"title": "Symantec ProxySG and Advanced Secure Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102455"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040138"
},
{
"trust": 0.3,
"url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-97919"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102455"
},
{
"date": "2017-05-11T14:30:16.407000",
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"date": "2018-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-97919"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102455"
},
{
"date": "2021-07-08T16:37:25.740000",
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec ProxySG and Advanced Secure Gateway Open Redirection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "102455"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…