CVE-2013-1616

Symantec Web Gateway < 5.1.1 - OS Command Injection via Management Console

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1616. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in Symantec Web Gateway, including XSS, OS command injection, SQL injection, and privilege escalation via sudo misconfiguration. It provides proof-of-concept URLs and attack scenarios but does not include full exploit code.

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SEC Consult · textwebappsphp

https://www.exploit-db.com/exploits/27136

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in Symantec Web Gateway, including XSS, OS command injection, SQL injection, and privilege escalation via sudo misconfiguration. It provides proof-of-concept URLs and attack scenarios but does not include full exploit code.

Classification

Writeup 100%

Attack Type

Xss | Sqli | Rce | Lpe | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Symantec Web Gateway <= 5.1.0.*

No auth needed

Prerequisites: Network access to the Symantec Web Gateway interface · For some exploits, authenticated access may be required

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61106

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

Various Sources x_refsource_misc

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

Scores

EPSS 0.1075

EPSS Percentile 95.3%

Details

CWE

CWE-78

Status published

Products (8)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

symantec/web_gateway 5.0.3.18

symantec/web_gateway < 5.1

symantec/web_gateway_appliance_8450

symantec/web_gateway_appliance_8490

Published Aug 01, 2013

Tracked Since Feb 18, 2026