What is CVE-2012-2953?

CVE-2012-2953 is a vulnerability in Symantec Web_gateway, classified under OS Command Injection. Published 2012-07-23.

Is CVE-2012-2953 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Symantec Web_gateway

CVE-2012-2953

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.834 (99.3th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework
mishmashclone/sailay1996-offsec_
sailay1996/offsec_

References

cret@cert.org (x_refsource_CONFIRM)
VU#108471 (x_refsource_CERT-VN, third-party-advisory)
54426 (vdb-entry, x_refsource_BID, Vendor Advisory)

Frequently asked questions

What is CVE-2012-2953?: CVE-2012-2953 is a vulnerability in Symantec Web_gateway, classified under OS Command Injection. Published 2012-07-23.
Is CVE-2012-2953 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.