CVE-2013-4673

Symantec Web Gateway < 5.1.1 - Remote Code Execution via RADIUS Authentication Bypass

Title source: llm

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/95702

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61105

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/85990

Scores

EPSS 0.0331

EPSS Percentile 87.4%

Details

CWE

CWE-20

Status published

Products (8)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

symantec/web_gateway 5.0.3.18

symantec/web_gateway < 5.1

symantec/web_gateway_appliance_8450

symantec/web_gateway_appliance_8490

Published Aug 01, 2013

Tracked Since Feb 18, 2026