CVE-2018-18371

2019-08-2922:14:58

symantec

www.cve.org

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG’s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

CNA Affected

[
  {
    "product": "Symantec Advanced Secure Gateway (ASG)",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "6.6 and 6.7 prior to 6.7.4.2"
      }
    ]
  },
  {
    "product": "Symantec ProxySG",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "6.5 prior to 6.5.10.15"
      },
      {
        "status": "affected",
        "version": "6.6"
      },
      {
        "status": "affected",
        "version": "6.7 prior to 6.7.4.2"
      }
    ]
  }
]

References

support.symantec.com/us/en/article.SYMSA1472.html