CVE-2016-9097

HIGH

Symantec ASG <6.6.5.8-ProxySG <6.7.1.2 - Privilege Escalation

Title source: llm

Description

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101530

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039701

Vendor Advisory x_refsource_confirm

https://www.symantec.com/security-center/network-protection-security-advisories/SA146

Scores

CVSS v3 7.2

EPSS 0.0122

EPSS Percentile 79.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (30)

broadcom/advanced_secure_gateway 6.6

broadcom/advanced_secure_gateway 6.6.3

broadcom/advanced_secure_gateway 6.6.4

broadcom/advanced_secure_gateway 6.6.4.3

broadcom/advanced_secure_gateway 6.6.5.1

broadcom/symantec_proxysg 6.5

broadcom/symantec_proxysg 6.5.1

broadcom/symantec_proxysg 6.5.2

broadcom/symantec_proxysg 6.5.2.10

broadcom/symantec_proxysg 6.5.4.1

... and 20 more

Published May 11, 2017

Tracked Since Feb 18, 2026