What is CVE-2012-0299?

CVE-2012-0299 is a vulnerability in Symantec Web_gateway, classified under CWE-264. Published 2012-05-21.

Is CVE-2012-0299 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Symantec Web_gateway

CVE-2012-0299

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.

EPSS: 0.823 (99.2th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

symantec-web-unspec-command-exec(75730) (vdb-entry, x_refsource_XF)
53443 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2012-0299?: CVE-2012-0299 is a vulnerability in Symantec Web_gateway, classified under CWE-264. Published 2012-05-21.
Is CVE-2012-0299 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.