CVE-2016-10258

MEDIUM

Broadcom Advanced Secure Gateway < 6.6.5.14 - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Exploits (1)

exploitdb WRITEUP

by Pankaj Kumar Thakur · textwebappscfm

https://www.exploit-db.com/exploits/47392

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://www.symantec.com/security-center/network-protection-security-advisories/SA162

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103685

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040757

Scores

CVSS v3 6.8

EPSS 0.1046

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

broadcom/advanced_secure_gateway 6.6 - 6.6.5.14

broadcom/symantec_proxysg 6.5 - 6.5.10.8

Published Apr 11, 2018

Tracked Since Feb 18, 2026