What is CVE-2014-7285?

CVE-2014-7285 is a vulnerability in Symantec Web_gateway, classified under Command Injection. Published 2014-12-17.

Is CVE-2014-7285 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Symantec Web_gateway

CVE-2014-7285

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.740 (98.9th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

References

36263 (exploit, x_refsource_EXPLOIT-DB)
71620 (vdb-entry, x_refsource_BID)
1031386 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_MISC)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
116009 (x_refsource_OSVDB, vdb-entry)
secure@symantec.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-7285?: CVE-2014-7285 is a vulnerability in Symantec Web_gateway, classified under Command Injection. Published 2014-12-17.
Is CVE-2014-7285 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.