Symantec Messaging Gateway up to 10.6.3 Variable path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Symantec Messaging Gateway up to 10.6.3. Affected is an unknown function. Executing a manipulation as part of Variable can lead to path traversal. This vulnerability is registered as CVE-2017-15532. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.
Details
A vulnerability classified as critical was found in Symantec Messaging Gateway up to 10.6.3. This vulnerability affects an unknown part. The manipulation as part of a Variable leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality. CVE summarizes:
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
The bug was discovered 12/19/2017. The weakness was published 12/20/2017 by rgod with Zero Day Initiative as SYM17-016 as confirmed security advisory (Website). The advisory is available at symantec.com. This vulnerability was named CVE-2017-15532 since 10/17/2017. The attack needs to be done within the local network. A single authentication is necessary for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1006 by the MITRE ATT&CK project.
The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 105509 (Symantec Messaging Gateway 10.x < 10.6.4 Directory Traversal Vulnerability (SYM17-016)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses and running in the context r. The commercial vulnerability scanner Qualys is able to test this issue with plugin 11897 (Symantec Messaging Gateway Directory Traversal Vulnerability (SYM17-016)).
Upgrading to version 10.6.4 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (105509) and SecurityFocus (BID 102096†). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.7VulDB Meta Temp Score: 5.6
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
Vendor Base Score (Symantec): 5.7
Vendor Vector (Symantec): 🔍
NVD Base Score: 5.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 105509
Nessus Name: Symantec Messaging Gateway 10.x < 10.6.4 Directory Traversal Vulnerability (SYM17-016)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 863062
OpenVAS Name: Symantec Messaging Gateway Directory Traversal Vulnerability (SYM17-016)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Messaging Gateway 10.6.4
Timeline
10/17/2017 🔍12/19/2017 🔍
12/20/2017 🔍
12/20/2017 🔍
12/20/2017 🔍
12/20/2017 🔍
12/21/2017 🔍
01/02/2018 🔍
01/27/2021 🔍
Sources
Vendor: symantec.comAdvisory: SYM17-016
Researcher: rgod working with Trend Micro's Zero Day Initiative. (rgod)
Organization: Zero Day Initiative
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-15532 (🔍)
GCVE (CVE): GCVE-0-2017-15532
GCVE (VulDB): GCVE-100-110890
SecurityFocus: 102096 - Symantec Messaging Gateway CVE-2017-15532 Directory Traversal Vulnerability
Entry
Created: 12/21/2017 08:36Updated: 01/27/2021 15:34
Changes: 12/21/2017 08:36 (85), 12/16/2019 17:11 (6), 01/27/2021 15:34 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.