CVE-2016-10258

MEDIUM

Symantec Advanced Secure Gateway and ProxySG - Unrestricted File Upload via Management Console

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10258. PoCs published by Pankaj Kumar Thakur.

AI-analyzed exploit summary This is a writeup describing an unrestricted file upload vulnerability in Adobe ColdFusion 2018. It includes details about the vulnerability, the affected system, and a high-level overview of the exploit process, but lacks actual exploit code.

Description

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Exploits (1)

exploitdb WRITEUP
by Pankaj Kumar Thakur · textwebappscfm
https://www.exploit-db.com/exploits/47392

This is a writeup describing an unrestricted file upload vulnerability in Adobe ColdFusion 2018. It includes details about the vulnerability, the affected system, and a high-level overview of the exploit process, but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Adobe ColdFusion 2018
Auth required
Prerequisites: Access to the management console · Administrator privileges
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103685
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040757

Scores

CVSS v3 6.8
EPSS 0.0494
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
broadcom/advanced_secure_gateway 6.6 - 6.6.5.14
broadcom/symantec_proxysg 6.5 - 6.5.10.8
Published Apr 11, 2018
Tracked Since Feb 18, 2026