Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SYMANTEC_MESSAGING_GATEWAY_SYM17-006.NASL
HistoryAug 16, 2017 - 12:00 a.m.

Symantec Messaging Gateway 10.x < 10.6.3-267 Multiple Vulnerabilities (SYM17-006)

2017-08-1600:00:00
This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
73

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.175

Percentile

96.2%

JSON

According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-267.
It is, therefore, affected by multiple vulnerabilities :

  • An unspecified flaw exists due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2017-6327)

  • A cross site request Forgery (CSRF) vulnerability exists as HTTP requests to certain pages do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. (CVE-2017-6328)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(102528);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id("CVE-2017-6327", "CVE-2017-6328");
  script_bugtraq_id(100135, 100136);
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"CEA-ID", value:"CEA-2020-0129");

  script_name(english:"Symantec Messaging Gateway 10.x < 10.6.3-267 Multiple Vulnerabilities (SYM17-006)");

  script_set_attribute(attribute:"synopsis", value:
"A messaging security application running on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Symantec Messaging
Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-267.
It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists due to a failure to properly sanitize
    user-supplied input. An authenticated, remote attacker can exploit
    this to execute arbitrary commands. (CVE-2017-6327)

  - A cross site request Forgery (CSRF) vulnerability exists as HTTP
    requests to certain pages do not require multiple steps, explicit
    confirmation, or a unique token when performing certain sensitive
    actions. (CVE-2017-6328)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://support.symantec.com/en_US/article.SYMSA1411.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d53eb37");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Symantec Messaging Gateway (SMG) version 10.6.3-267 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6328");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Symantec Messaging Gateway RestoreAction.performRestore() RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:messaging_gateway");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("symantec_messaging_gateway_detect.nasl");
  script_require_keys("www/sym_msg_gateway");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

get_install_count(app_name:'sym_msg_gateway', exit_if_zero:TRUE);

port = get_http_port(default:443);
install = get_single_install(app_name:'sym_msg_gateway', port:port);
base_url = build_url(qs:install['dir'], port:port);

if (install['version'] == UNKNOWN_VER)
  audit(AUDIT_UNKNOWN_WEB_APP_VER, 'Symantec Messaging Gateway', base_url);
if (install['version'] !~ "^10(\.|$)")
  audit(AUDIT_WEB_APP_NOT_AFFECTED, 'Symantec Messaging Gateway', base_url, install['version']);
if (install['version'] =~ "^10(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, 'Symantec Messaging Gateway', port, install['version']);

# Detection does not provide anything more detailed than 'x.y.z'
if (install['version'] == "10.6.3" && report_paranoia < 2)
  audit(AUDIT_PARANOID);

if (
  install['version'] =~ "^10\.[0-5]($|[^0-9])" ||
  install['version'] =~ "^10\.6\.[0-3]($|[^0-9])"
)
{
  report =
    '\n  URL               : ' + base_url +
    '\n  Installed version : ' + install['version'] +
    '\n  Fixed version     : 10.6.3-267\n';

  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xsrf:TRUE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, 'Symantec Messaging Gateway', base_url, install['version']);

Related

openvas 1
symantec 1
packetstorm 1
zdt 2
dsquare 1
seebug 1
cve 2
canvas 1
cvelist 2
exploitdb 2
nvd 2
prion 2
exploitpack 2
cisa_kev 1
checkpoint_advisories 1
attackerkb 1
ics 1
threatpost 1
qualysblog 2
openvas
openvas
Symantec Messaging Gateway Multiple Vulnerabilities (Aug 2017)
2017-08-14 00:00:00
symantec
symantec
Symantec Messaging Gateway RCE and CSRF
2017-08-10 08:00:00
packetstorm
packetstorm
Symantec Messaging Gateway 10.6.3-2 Remote Code Execution
2017-08-18 00:00:00
zdt
zdt
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
2017-08-19 00:00:00
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery Vulnerability
2017-09-04 00:00:00
dsquare
dsquare
Symantec Messaging Gateway RestoreAction.performRestore() RCE
2017-09-01 00:00:00
seebug
seebug
Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE(CVE-2017-6327)
2017-08-21 00:00:00
cve
cve
CVE-2017-6327
2017-08-11 20:29:00
CVE-2017-6328
2017-08-11 20:29:00
canvas
canvas
Immunity Canvas: BRIGHTMAIL_RESTORE
2017-08-11 20:29:00
cvelist
cvelist
CVE-2017-6327
2017-08-11 20:00:00
CVE-2017-6328
2017-08-11 20:00:00
exploitdb
exploitdb
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
2017-08-18 00:00:00
Symantec Messaging Gateway &lt; 10.6.3-267 - Cross-Site Request Forgery
2017-08-09 00:00:00
nvd
nvd
CVE-2017-6327
2017-08-11 20:29:00
CVE-2017-6328
2017-08-11 20:29:00
prion
prion
Cross site request forgery (csrf)
2017-08-11 20:29:00
Design/Logic Flaw
2017-08-11 20:29:00
exploitpack
exploitpack
Symantec Messaging Gateway 10.6.3-267 - Cross-Site Request Forgery
2017-08-09 00:00:00
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
2017-08-18 00:00:00
cisa_kev
cisa_kev
Symantec Messaging Gateway Remote Code Execution Vulnerability
2021-11-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Messaging Gateway performRestore Command Injection (CVE-2017-6327)
2017-09-03 00:00:00
attackerkb
attackerkb
CVE-2017-6327
2017-08-11 00:00:00
ics
ics
Potential for China Cyber Response to Heightened U.S.–China Tensions
2020-10-20 12:00:00
threatpost
threatpost
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
2020-10-21 20:31:17
qualysblog
qualysblog
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities
2020-10-22 23:10:29
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.175

Percentile

96.2%

JSON
Related for SYMANTEC_MESSAGING_GATEWAY_SYM17-006.NASL
openvas1symantec1packetstorm1zdt2dsquare1seebug1cve2canvas1cvelist2exploitdb2nvd2prion2exploitpack2cisa_kev1checkpoint_advisories1attackerkb1ics1threatpost1qualysblog2