Vulnerability Details CVE-2017-6327
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.852
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Proposed Action
Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.
Ransomware Campaign
Unknown
References
- http://seclists.org/fulldisclosure/2017/Aug/28
- http://www.securityfocus.com/bid/100135
- https://www.exploit-db.com/exploits/42519/
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00
- http://seclists.org/fulldisclosure/2017/Aug/28
- http://www.securityfocus.com/bid/100135
- https://www.exploit-db.com/exploits/42519/
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00
Products affected by CVE-2017-6327
-
cpe:2.3:a:symantec:message_gateway:10.0
-
cpe:2.3:a:symantec:message_gateway:10.0.1
-
cpe:2.3:a:symantec:message_gateway:10.0.2
-
cpe:2.3:a:symantec:message_gateway:10.0.3
-
cpe:2.3:a:symantec:message_gateway:10.5
-
cpe:2.3:a:symantec:message_gateway:10.5.1
-
cpe:2.3:a:symantec:message_gateway:10.5.2
-
cpe:2.3:a:symantec:message_gateway:10.5.3
-
cpe:2.3:a:symantec:message_gateway:10.5.4
-
cpe:2.3:a:symantec:message_gateway:10.6
-
cpe:2.3:a:symantec:message_gateway:10.6.1
-
cpe:2.3:a:symantec:message_gateway:10.6.1-3
-
cpe:2.3:a:symantec:message_gateway:10.6.2
-
cpe:2.3:a:symantec:message_gateway:10.6.3
-
cpe:2.3:a:symantec:message_gateway:10.6.3-2
-
cpe:2.3:a:symantec:message_gateway:9.0
-
cpe:2.3:a:symantec:message_gateway:9.0.1
-
cpe:2.3:a:symantec:message_gateway:9.0.2
-
cpe:2.3:a:symantec:message_gateway:9.5
-
cpe:2.3:a:symantec:message_gateway:9.5.1
-
cpe:2.3:a:symantec:message_gateway:9.5.2
-
cpe:2.3:a:symantec:message_gateway:9.5.3
-
cpe:2.3:a:symantec:message_gateway:9.5.4