RCE in Symantec Web_gateway

CVE-2015-5690

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.016 (81.8th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

1033625 (vdb-entry, x_refsource_SECTRACK)
76725 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_MISC)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)