RCE in Symantec Web_gateway

CVE-2015-6547

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

1033625 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
76730 (vdb-entry, x_refsource_BID)