Improper input validation in Symantec Web_gateway
CVE-2013-4673
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.033 (87.5th percentile) — read the EPSS interpretation.
Affected products
- Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
- Symantec Web_gateway_appliance_8450
- Symantec Web_gateway_appliance_8490
- N/a — versions n/a
Weakness classification (CWE)
References
- 95702 (x_refsource_OSVDB, vdb-entry)
- secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
- 61105 (vdb-entry, x_refsource_BID)
- symantec-gateway-cve20134673-command-exec(85990) (vdb-entry, x_refsource_XF)