CVE-2016-2203

HIGH

Symantec Messaging Gateway - Credentials Management

Description

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

Exploits (2)

exploitdb WORKING POC
by Fakhir Karim Reda · ruby · webapps · java
https://www.exploit-db.com/exploits/39715
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb

Scores

CVSS v3 7.8
EPSS 0.2957
EPSS Percentile 96.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-255
Status published
Products (1)
symantec/messaging_gateway 10.6.0 patch3 (3 CPE variants)
Published Apr 22, 2016
Tracked Since Feb 18, 2026