CVE-2012-2977

Symantec Web Gateway <5.0.3.18 - RCE

Title source: llm

Description

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Kc57 · rubywebappslinux

https://www.exploit-db.com/exploits/20706

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Kc57 · pythonwebappslinux

https://www.exploit-db.com/exploits/20707

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/108471

[Third Party Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54430

Scores

EPSS 0.1610

EPSS Percentile 94.8%

Details

CWE

CWE-264

Status published

Products (4)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

Published Jul 23, 2012

Tracked Since Feb 18, 2026