Summary
Symantec Messaging Gateway (SMG) is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.
Affected Product(s)
Symantec Messaging Gateway (SMG)
| CVE | Supported Version(s) | Remediation |
|---|---|---|
| CVE-2020-12594, CVE-2020-12595 | 10.7 | Upgrade to 10.7.4. |
Issue Details
CVE-2020-12594
| Severity / CVSS v3.x: | High / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
| References: | NVD: CVE-2020-12594 |
| Impact: | Privilege escalation |
| Description: | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. |
CVE-2020-12595
| Severity / CVSS v3.x: | Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) |
| References: | NVD: CVE-2020-12595 |
| Impact: | Information disclosure |
| Description: | An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. |
Acknowledgements
Revisions
2020-12-08 initial public release