CVE-2016-9100
HIGHSymantec ASG/ProxySG <6.6.5.13/<6.7.3.1 - Info Disclosure
Title source: llmDescription
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040138
Vendor Advisory x_refsource_confirm
https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102454
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
37.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (7)
broadcom/advanced_secure_gateway
6.6 - 6.6.5.13
broadcom/symantec_proxysg
6.5 - 6.5.10.6
Symantec Corporation/ASG
6.6 prior to 6.6.5.13
Symantec Corporation/ASG
6.7 prior to 6.7.3.1
Symantec Corporation/ProxySG
6.5 prior to 6.5.10.6
Symantec Corporation/ProxySG
6.6 prior to 6.6.5.13
Symantec Corporation/ProxySG
6.7 prior to 6.7.3.1
Published
May 11, 2017
Tracked Since
Feb 18, 2026