Symantec Reporter does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2017-15531 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| CVE-2017-15531 | 10.1 | Upgrade to 10.1.5.5. |
| CVE-2017-15531 | 9.5 | Upgrade to 9.5.4.1. |
Symantec Reporter provides reporting capabilities for the Symantec ProxySG appliance, Secure Web Gateway (SWG) solution, and the Web Security Services (WSS). Reporter provides authentication and role-based access control for:
This vulnerability can be exploited only through the Reporter management interface. Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface. Failing to deploy the appliance in a secure network, or failing to restrict access to the management interface, increases the risk that the vulnerability will be exploited.
| Severity / CVSSv2 | High / 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C) |
|---|---|
| References | SecurityFocus: BID 102751 / NVD: CVE-2017-15531 |
| Impact | Unauthorized access |
| Description | Reporter does not restrict excessive authentication attempts for administrator and standard users, making it susceptible to a brute force password guessing attack. A remote attacker, with access to the management interface, can use brute force search to guess a user password and gain access to Reporter and the reporting information that the user is authorized to access. Reporter logs all successful and unsuccessful authentication attempts in the system event log. |
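Because Reporter records every successful and unsuccessful authentication attempt in its system event log, the log is the place to catch a password guessing campaign on a version that cannot yet be upgraded. The following is an added example written for this advisory, not Symantec code, and the log line format it parses is a constructed stand-in (the advisory does not document Reporter's actual event log format). It raises an alert when one source address crosses a failure threshold inside a sliding time window, and a second, higher-priority alert when a success follows a run of failures from the same source, which is the signature of a guess that worked.

```python
"""Brute-force login detection over authentication event log lines.

Added example for this advisory; not Symantec code. The line format and the
sample log below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed (hypothetical) line format:
#   <ISO-8601 timestamp> AUTH <SUCCESS|FAILURE> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) AUTH (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source guesses "admin" repeatedly and finally succeeds;
# a second source mistypes once and then logs in normally; one line is noise.
SAMPLE_LOG = """\
2018-01-23T10:00:01 AUTH FAILURE user=admin src=203.0.113.7
2018-01-23T10:00:03 AUTH FAILURE user=admin src=203.0.113.7
2018-01-23T10:00:04 AUTH FAILURE user=analyst src=198.51.100.9
2018-01-23T10:00:05 AUTH FAILURE user=admin src=203.0.113.7
2018-01-23T10:00:07 AUTH FAILURE user=admin src=203.0.113.7
2018-01-23T10:00:08 AUTH SUCCESS user=analyst src=198.51.100.9
2018-01-23T10:00:09 AUTH FAILURE user=admin src=203.0.113.7
this line is not an authentication event and is skipped
2018-01-23T10:00:11 AUTH FAILURE user=admin src=203.0.113.7
2018-01-23T10:00:13 AUTH SUCCESS user=admin src=203.0.113.7
"""


def parse_line(line):
    """Return a dict for a recognised auth event, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Scan log lines in order and return a list of alert dicts.

    - "repeated_failures": a source reached `threshold` failures within `window`
      (fires once per crossing, not on every subsequent failure).
    - "success_after_failures": a source logged in successfully after at least
      `threshold` consecutive failures, i.e. a guess most likely succeeded.
    """
    recent = defaultdict(deque)          # src -> timestamps of failures inside window
    consecutive = defaultdict(int)       # src -> failures since last success
    alerts = []

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        q = recent[src]

        if ev["result"] == "FAILURE":
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            consecutive[src] += 1
            if len(q) == threshold:
                alerts.append({"type": "repeated_failures", "src": src,
                               "user": ev["user"], "count": len(q), "at": ts})
        else:
            if consecutive[src] >= threshold:
                alerts.append({"type": "success_after_failures", "src": src,
                               "user": ev["user"], "failures": consecutive[src],
                               "at": ts})
            consecutive[src] = 0
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are deliberately parameters: an administrator who fat-fingers a password a few times should not page anyone, while a source that walks through five guesses in a few seconds should. The "success after failures" alert is the one worth escalating, since it indicates the account should be treated as compromised and its password rotated.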
Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface.
Symantec would like to thank Dhiraj Mishra (@mishradhiraj_) for reporting this vulnerability.
2018-04-12 A fix for Reporter 10.1 is available in 10.1.5.5.
2018-01-23 Initial public release.