RCE in Symantec Web_gateway

CVE-2015-5693

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.031 (87.1th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

76731 (vdb-entry, x_refsource_BID)
1033625 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_MISC)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)