Vulnerability Details CVE-2016-5313
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.258
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html
- http://seclists.org/fulldisclosure/2016/Oct/24
- http://www.securityfocus.com/bid/93284
- http://www.securitytracker.com/id/1036973
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
- http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html
- http://seclists.org/fulldisclosure/2016/Oct/24
- http://www.securityfocus.com/bid/93284
- http://www.securitytracker.com/id/1036973
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
Products affected by CVE-2016-5313
-
cpe:2.3:a:symantec:web_gateway:5.0
-
cpe:2.3:a:symantec:web_gateway:5.0.1
-
cpe:2.3:a:symantec:web_gateway:5.0.2
-
cpe:2.3:a:symantec:web_gateway:5.0.3
-
cpe:2.3:a:symantec:web_gateway:5.0.3.18
-
cpe:2.3:a:symantec:web_gateway:5.1
-
cpe:2.3:a:symantec:web_gateway:5.1.1
-
cpe:2.3:a:symantec:web_gateway:5.2
-
cpe:2.3:a:symantec:web_gateway:5.2.1