CVE-2017-6326

CRITICAL

Symantec Messaging Gateway < 10.6.3 - Remote Code Execution

Title source: rule

Description

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · rubyremotepython

https://www.exploit-db.com/exploits/42251

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_messaging_gateway_exec.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98893

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038785

[Mitigation, Vendor Advisory] https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42251/

Scores

CVSS v3 10.0

EPSS 0.7914

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (2)

symantec/messaging_gateway < 10.6.3

Symantec Corporation/Messaging Gateway All versions prior to version 10.6.3

Published Jun 26, 2017

Tracked Since Feb 18, 2026