[email protected]NVD:CVE-2014-7285

HistoryDec 17, 2014 - 4:59 p.m.

CVE-2014-7285

2014-12-1716:59:00

CWE-77

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.479

Percentile

97.5%

JSON

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Affected configurations

Nvd

Node

symantecweb_gatewayRange≤5.2.1

VendorProductVersionCPE
symantecweb_gateway*cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	web_gateway	*	cpe:2.3:a:symantec:web_gateway::::::::

References

karmainsecurity.com/KIS-2014-19

osvdb.org/show/osvdb/116009

packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html

www.exploit-db.com/exploits/36263

www.securityfocus.com/bid/71620

www.securitytracker.com/id/1031386

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.479

Percentile

97.5%

JSON

Related for NVD:CVE-2014-7285

metasploit1 packetstorm2 nessus1 cvelist1 zdt2 cve1 securityvulns2 openvas2 symantec1 exploitdb1 prion1 checkpoint_advisories1