Lucene search

SymantecCVELIST:CVE-2021-30648

HistoryJun 30, 2021 - 10:40 a.m.

CVE-2021-30648

2021-06-3010:40:39

symantec

www.cve.org

symantec

asg

proxysg

web management

authentication bypass

vulnerability

cli commands

configuration

policy

shutdown

restart

AI Score

Confidence

High

EPSS

0.003

Percentile

71.2%

JSON

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

CNA Affected

[
  {
    "product": "Advanced Secure Gateway (ASG) and ProxySG",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3."
      }
    ]
  }
]

References

support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331