RCE in Symantec Web_gateway
CVE-2013-1616
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.157 (94.8th percentile) — read the EPSS interpretation.
Affected products
- Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
- Symantec Web_gateway_appliance_8450
- Symantec Web_gateway_appliance_8490
- N/a — versions n/a
Weakness classification (CWE)
References
- 61106 (vdb-entry, x_refsource_BID)
- secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
- secure@symantec.com (x_refsource_MISC)
- secure@symantec.com (x_refsource_MISC)