Lucene search

[email protected]NVD:CVE-2021-30648

HistoryJun 30, 2021 - 11:15 a.m.

CVE-2021-30648

2021-06-3011:15:08

CWE-287

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.3%

JSON

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

Affected configurations

NVD

Node

broadcomsymantec_proxysgRange6.5–6.5.10.16

broadcomsymantec_proxysgRange6.6–6.6.5.19

broadcomsymantec_proxysgRange6.7–6.7.5.12

broadcomsymantec_proxysgRange7.2–7.2.7.2

broadcomsymantec_proxysgRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s200-30Match-

AND

broadcomsymantec_advanced_secure_gateway_s200-30_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s200-30_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s200-30_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s200-30_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s200-40Match-

AND

broadcomsymantec_advanced_secure_gateway_s200-40_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s200-40_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s200-40_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s200-40_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s400-20Match-

AND

broadcomsymantec_advanced_secure_gateway_s400-20_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s400-20_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s400-20_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s400-20_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s400-30Match-

AND

broadcomsymantec_advanced_secure_gateway_s400-30_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s400-30_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s400-30_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s400-30_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s400-40Match-

AND

broadcomsymantec_advanced_secure_gateway_s400-40_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s400-40_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s400-40_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s400-40_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_500-10Match-

AND

broadcomsymantec_advanced_secure_gateway_500-10_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_500-10_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_500-10_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_500-10_firmwareRange7.3–7.3.3.3

Node

broadcomsymantec_advanced_secure_gateway_s500-20Match-

AND

broadcomsymantec_advanced_secure_gateway_s500-20_firmwareRange6.6–6.7.4.17

broadcomsymantec_advanced_secure_gateway_s500-20_firmwareRange6.7.5.0–6.7.5.12

broadcomsymantec_advanced_secure_gateway_s500-20_firmwareRange7.2–7.2.7.2

broadcomsymantec_advanced_secure_gateway_s500-20_firmwareRange7.3–7.3.3.3

References

support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for NVD:CVE-2021-30648

cvelist1 cve1 prion1 symantec1